llaumgui closed 6 months ago
Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful however it is our strong recommendation that you carefully consider the information before blindly applying it.
Based on the information provided, it seems like you're encountering an issue with session elevation via One-Time Password (OTP) when trying to modify WebAuthn credentials, resulting in a 403 error. This error is specifically mentioned in the logs as "the code didn't match any recorded code challenges," indicating a mismatch or an issue with the OTP validation process.
Given the context, here are a few steps and considerations to troubleshoot and potentially resolve the issue:
Ensure Correct OTP Entry: Double-check that the OTP entered is correct and generated for the current time window. OTPs are time-sensitive, and even slight discrepancies in system time between your device and the server can cause validation failures.
System Time Synchronization: Ensure that the system time on the server hosting Authelia and your OTP-generating device (usually a smartphone) are synchronized. Time drift can lead to OTP mismatches. You can use NTP (Network Time Protocol) services to keep the server time accurate.
Check Authelia Configuration: Review your Authelia configuration for any misconfigurations, especially around the second factor authentication settings. The Time-based One Time Password documentation might provide additional insights into configuration options and requirements.
Review Proxy Configuration: Since you're using Traefik as a reverse proxy, ensure that it's correctly configured to work with Authelia. Misconfigurations in the proxy can lead to various issues, including session handling and authentication flow disruptions. The Traefik integration guide on Authelia's documentation might offer useful configuration examples and tips.
Consult Authelia's Documentation and Community: If the issue persists, consider reaching out to the Authelia community or consulting the documentation for further assistance. There might be known issues or additional troubleshooting steps available that could help resolve your specific problem.
Check for Authelia Updates: Ensure that you're running the latest version of Authelia. If you're not, consider upgrading since the issue you're facing might have been addressed in a newer version.
If after following these steps the issue remains unresolved, providing more detailed logs, configuration snippets (with sensitive information redacted), and any additional context about your setup could help in diagnosing the problem more effectively.
This comment was generated by Glime.
What do you mean OTP? Are you entering the code that was emailed to you?
I already have OTP configured. I use my application for that. My WebAuthn device is flagged legacy and I would like to delete it and then add the same key again.
Use the emailed one time code as you're prompted. Feel free to open a discussion instead of an issue if you need help.
Hi,
Thanks, in fact it is a sender SMTP issue. It's just that this is not clear when reading the log.
Thanks, you can close.
Version
v4.38.0
Deployment Method
Docker
Reverse Proxy
Traefik
Reverse Proxy Version
2.11.0
Description
When I want to edit / delete / add a WebAuthn credential, I must enter my OTP. But when I enter it, I get a 403 on PUT:/api/user/session/elevation.
Be sure that my OTP allows me to log in.
Reproduction
Go to the new settings dashboard. Edit / add or delete a WebAuthn credential.
Expectations
No response
Configuration (Authelia)
No response
Build Information
Logs (Authelia)
Logs (Proxy / Application)
No response
Documentation
No response
Pre-Submission Checklist
[X] I agree to follow the Code of Conduct
[X] This is a bug report and not a support request
[X] I have read the security policy and this bug report is not a security issue or security related issue
[X] I have either included the complete configuration file or I am sure it's unrelated to the configuration
[X] I have either included the complete debug / trace logs or the output of the build-info command if the logs are not relevant
[X] I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the Troubleshooting Sanitization reference guide
[X] I have checked for related proxy or application logs and included them if available
[X] I have checked for related issues and checked the documentation