search

ovh / manager

OVHcloud Control Panel
https://ovh.github.io/manager/
BSD 3-Clause "New" or "Revised" License
214 stars 98 forks source link

U2F Support on safari #4024

Open zmilonas opened 4 years ago

zmilonas commented 4 years ago

Describe the bug Not possible to use U2F keys in Safari

To Reproduce Steps to reproduce the behavior:

  1. Go to the security settings page (https://www.ovh.com/manager/dedicated/#/useraccount/security)
  2. Click on add key under U2F
  3. A popup is displayed instructing to insert the key and press the button on it
  4. Nothing happens, the key doesn't react.

Expected behavior I expected my YubiKey to light up and let me authenticate

Desktop:

Additional context Maybe WebAuthn could be implemented?

https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/

antleblanc commented 4 years ago

Hi @zmilonas!

Thanks for reporting us this issue. We are investigating and we will keep you posted as soon as a patch is deployed.

Thank you!

ajziehl commented 3 years ago

Also experiencing this issue on us.ovhcloud.com using both mac and windows.

Desktop 1: OS: macOS Catalina Browser: Chrome Version: 87.0.4280.88 (Official Build) (x86_64)

Desktop 2: OS: Windows 10 Browser: Chrome Version: 86.0.4240.198 (Official Build) (x86_64)

Works properly using Firefox 83.0

zmilonas commented 3 years ago

Hey @antleblanc are there any updates? Because of this bug and https://github.com/ovh/manager/issues/3013#issuecomment-803447232 these issues using your panel became a hassle and I'm already not recommending OVH services to anyone and starting to move off my countless domains from your service.

lolen commented 2 years ago

@antleblanc i have the same problem

dzek69 commented 2 years ago

bump, same thing, windows machine

it's 2 years now since it was reported

lolen commented 2 years ago

@dzek69 if you really want to add support for u2f, configure add keys through Firefox and then use your other browser it worked for me

dzek69 commented 2 years ago

@lolen thanks for suggestion, but i think i'll pass. If the adding the key is buggy and that's not the only buggy thing unfortunately about the manager I may some day get locked out of the account because using the key when logging in may get buggy too.

Ernshow commented 1 year ago

I have the same problem, Windows machine, Chrome 108. Works on Firefox, however I don't want to use it just for this one specific site, not really a solution for me.

Brandin commented 1 year ago

This issue persists for me as well, Windows 10, Chrome Version 109.0.5414.120 (Official Build) (64-bit). Any info you need to help debug would be great, I would be happy to provide.

Dazzler1985 commented 1 year ago

Was the same for me but it is not much effort to use firefox to add the security key after that it works on all browsers to authenticate.

dansleboby commented 1 year ago

VM411:545 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null').

https://askubuntu.com/questions/844090/what-is-cryptotokenextension-in-chromium-extensions

https://codesearch.debian.net/search?q=kmendfapggjehodndflmmgagdbamhnfd&literal=1

Mayby isse is related to: https://developer.chrome.com/blog/deps-rems-95/#deprecate-u2f-api-cryptotoken

Michael-MCP commented 1 year ago

Just found the same with my Fido Key on safari when trying to add 2FA. https://www.ovh.com/manager/#/dedicated/useraccount/security/mfa

Teeed commented 1 year ago

The same with chrome. This still does not work.

OVH developers, have fun: https://thenewstack.io/deprecation-from-u2f-api-to-webauthn/

alkuzad commented 1 year ago

I noticed that Firefox used to work after Chrome disabled this but it is no longer working. The workaround is to install older Firefox (107.0) that still supports U2F.

On Windows the easiest way to do it and not to overwrite local browsers is to run scoop: scoop install firefox@107.0 and run Firefox from ~/scoop/apps/firefox/107.0/firefox.exe

After you are done simple scoop uninstall firefox will remove it from the system, no traces left :)

orazioedoardo commented 1 year ago

You should fix this ASAP, it's quite embarrassing. Moving to WebAuthn would also enable creation of passkeys. Currently enrolled security keys still work at login, but registration does not on any modern browser. Related issues #9632 #9705.

jonathandhn commented 1 year ago

Hey, for the people that have subscribed this ticket to get informed, it works, and now passkeys works too (iCloud (bug aware, duplicated entry name at login), and Samsung Pass One Ui 6.0, Google's android pass is not (as of 14) ), and key removal is working. (MacOS Safari 17 and Chrome 119, Samsung browser One Ui 6.0).

orazioedoardo commented 1 year ago

bug aware, duplicated entry name at login

One of the entry is for ovh.com, the other is for (eu|ca|us).ovhcloud.com. If you saved for one domain the passkey/security key won’t work for the other so you need to guess which one is correct. Removing and adding the key seems to fix duplicate.