haiwen / seafile-client

Seafile desktop client.
http://seafile.com
Apache License 2.0

authentication window does not support webauthn #1488

Closed hex-m closed 3 months ago

hex-m commented 11 months ago

We delegate the authentication to our identity provider (IDP) via SAML and support WebAuthn as a second factor.

The browser window that Seafile opens for the authentication process does not support WebAuthn (it completely ignores both the platform authenticator (Windows Hello) and FIDO2 tokens connected via USB).

We tested this on GNU/Linux and Windows.

One way to solve this would be to open the login-window in the default browser of the operating system. (This is how e.g. element-desktop does it.) Alternatively it may help to update the integrated browser.

keywords: fido2, webauthn, u2f, fido, saml, oidc, openid connect, delegated authentication

killing commented 10 months ago

In version 11 we will provide an option to use the web browser from the desktop to open the SSO window. That should solve the issue.

hex-m commented 3 months ago

According to the documentation, CLIENT_SSO_VIA_LOCAL_BROWSER = True should solve this.
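
An added example, not part of the thread or of Seafile's code: a probe that an IdP login page could run to report which WebAuthn entry points the window it was loaded in exposes, which helps tell an embedded login view apart from the system browser. The function names and the two sample environments are constructed for illustration, and the thread does not say which of these pieces the embedded window lacks.

```javascript
// Synchronous check of the WebAuthn entry points a login page depends on.
// `env` is a window-like object; in a real page pass `window`.
function classifyWebAuthnSupport(env) {
  const missing = [];
  // Browsers expose WebAuthn only in secure contexts (HTTPS or localhost).
  if (env.isSecureContext !== true) missing.push("secure-context");
  if (typeof env.PublicKeyCredential !== "function") missing.push("PublicKeyCredential");
  const creds = env.navigator && env.navigator.credentials;
  if (!creds || typeof creds.get !== "function") missing.push("navigator.credentials.get");
  if (!creds || typeof creds.create !== "function") missing.push("navigator.credentials.create");
  return { supported: missing.length === 0, missing };
}

// Asks the browser whether a user-verifying platform authenticator
// (for example Windows Hello) is usable. A present API alone does not
// prove that an authenticator is reachable, so this is reported separately.
async function probePlatformAuthenticator(env) {
  const base = classifyWebAuthnSupport(env);
  if (!base.supported) return { ...base, platformAuthenticator: false };
  const pkc = env.PublicKeyCredential;
  let platform = false;
  if (typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable === "function") {
    try {
      platform = await pkc.isUserVerifyingPlatformAuthenticatorAvailable();
    } catch (_) {
      platform = false; // treat a failing probe as "not available"
    }
  }
  return { ...base, platformAuthenticator: platform };
}

// Constructed sample environments (not captured from any real client).
const embeddedView = { isSecureContext: true, navigator: {} };
function FakePKC() {}
FakePKC.isUserVerifyingPlatformAuthenticatorAvailable = async () => true;
const fullBrowser = {
  isSecureContext: true,
  PublicKeyCredential: FakePKC,
  navigator: { credentials: { get() {}, create() {} } },
};

// In a page, log the result so it can be compared between the two windows.
if (typeof window !== "undefined") {
  probePlatformAuthenticator(window).then((r) => console.log(JSON.stringify(r)));
}
```

Run it once in the client's login window and once in the default browser; any difference in the `missing` list shows which capability the IdP's second-factor step cannot rely on.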