prefiks / u2f4moz

U2F support extension for Firefox
GNU Lesser General Public License v2.1

registration fails due to trusted facets not used #55

Open cornelinux opened 7 years ago

cornelinux commented 7 years ago

Environment:

It looks like this Firefox addon does not support trusted facets, at least during enrollment.

Scenario 1 - works with FF+u2f4moz and Chrome

Register the U2F device on a machine called https://puck.az.intern. The AppId is set to https://puck.az.intern.

Scenario 2 - works with Chrome - does not work with FF+u2f4moz

Register the U2F device on a machine called https://puck.az.intern. The AppId is set to https://puck2.az.inter/u2f, which provides a list of trusted facets:

{
  "trustedFacets": [
    {
      "version": {
        "major": 1,
        "minor": 0
      },
      "ids": [
        "https://puck.az.intern",
        "https://puck2.az.intern/u2f"
      ]
    }
  ]
}

The registration works nicely with Chrome. FF produces a U2F timeout. The YubiKey does not blink.

baloo commented 7 years ago

I use this too, and I just found that the trusted facets JSON should be served with:

Content-Type: application/fido.trusted-apps+json

As specified here: https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-appid-and-facets-ps-20141009.pdf

The extension does work with U2F facets, but checks that the facets are served with the expected content type and will silently fail if not.
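
A way to diagnose the silent failure discussed in this thread, as an added example that is not the extension's own code: it checks a trusted-facets response for the `application/fido.trusted-apps+json` content type and for the calling facet in the version 1.0 entry. The function name, the response object shape and the exact-string facet comparison are assumptions made for illustration.

```javascript
// Added example: diagnose a trusted-facets response offline.
const FACETS_MIME = "application/fido.trusted-apps+json";

// response: { status, headers: {name: value}, body: string } (hypothetical shape)
function checkTrustedFacets(response, facetId) {
  if (response.status !== 200) {
    return { ok: false, reason: "unexpected HTTP status " + response.status };
  }
  // Header names are case-insensitive; parameters such as charset are ignored
  // here (a simplification, the extension's exact comparison is not shown on the page).
  const headerName = Object.keys(response.headers)
    .find((n) => n.toLowerCase() === "content-type");
  const mime = (headerName ? response.headers[headerName] : "")
    .split(";")[0].trim().toLowerCase();
  if (mime !== FACETS_MIME) {
    return { ok: false,
      reason: "Content-Type is '" + mime + "', expected '" + FACETS_MIME + "'" };
  }
  let doc;
  try {
    doc = JSON.parse(response.body);
  } catch (e) {
    return { ok: false, reason: "body is not valid JSON" };
  }
  const entries = doc && Array.isArray(doc.trustedFacets) ? doc.trustedFacets : [];
  const v1 = entries.find((e) => e && e.version &&
    e.version.major === 1 && e.version.minor === 0 && Array.isArray(e.ids));
  if (!v1) {
    return { ok: false, reason: "no trustedFacets entry for version 1.0" };
  }
  // Exact string comparison against the listed ids (assumption for this example).
  if (!v1.ids.includes(facetId)) {
    return { ok: false, reason: "facet " + facetId + " is not listed" };
  }
  return { ok: true, reason: "facet listed and content type correct" };
}

// Constructed sample responses using the facet list from the issue.
const body = JSON.stringify({ trustedFacets: [{ version: { major: 1, minor: 0 },
  ids: ["https://puck.az.intern", "https://puck2.az.intern/u2f"] }] });
const served = { status: 200, headers: { "Content-Type": "application/json" }, body };
const fixed = { status: 200, headers: { "content-type": FACETS_MIME }, body };

console.log(checkTrustedFacets(served, "https://puck.az.intern").reason);
console.log(checkTrustedFacets(fixed, "https://puck.az.intern").reason);
```

Running the check against the AppId URL's real response headers before testing in the browser separates a server misconfiguration from a token or extension problem.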