tvdijen
commented
2 years ago Hi @northway ! Thanks for reporting this.. I've proposed a fix for this.. Could you try to manually apply it and see if it works?
Closed northway closed 2 years ago
tvdijen
commented
2 years ago Hi @northway ! Thanks for reporting this.. I've proposed a fix for this.. Could you try to manually apply it and see if it works?
northway
commented
2 years ago Of course!
northway
commented
2 years ago Okay, so the error message is gone.
Now it's just stuck here. No error in the logs or in the inspector...
.
tvdijen
commented
2 years ago OK, then clearly this is not the appropriate fix.. Needs further investigation
tvdijen
commented
2 years ago Please give v0.11 a try... I'm not sure why you were told to use a dev-branch...
northway
commented
2 years ago Okay I switched it over to v0.11.0 and a new problem came up. I tried it in all the major browsers.
Should I create another issue for this?
restena-sw
commented
2 years ago This looks unrelated indeed. Please open another issue and look at the Exception that was raised, to find possible reasons for this.
tvdijen
commented
2 years ago We should either fix the first issue or remove the ssp_119 branch
tvdijen
commented
2 years ago I've removed both the ssp_119 and the release-1.0.x branch... The 0.11 branch is working properly and the ssp_119 had problems that were already fixed in the release-branches... The release-1.0.x branch puzzled me, because all of the 1.0.x-tags we have were pointing to master.. Let's keep master the one branch to work against the future SSP 2.0..
Hi!
I wanted to test this module, but I'm having some hard time to make it work.
v1.19.3and I used thesimplesamlphp/simplesamlphp-module-webauthn:dev-ssp_119branch as it was told in another issue.usenewuiis enabled as well.After authenticating against LDAP, this error message comes up:
My module config:
``` $config = [ /* Enable/disable Debug made */ 'debug' => true, /* required configuration parameters */ 'store' => [ 'webauthn:Database', 'database.dsn' => 'mysql:host=REDACTED;dbname=REDACTED', 'database.username' => 'REDACTED', 'database.password' => 'REDACTED', ], // eppn 'attrib_username' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', // displayName 'attrib_displayname' => 'urn:oid:2.16.840.1.113730.3.1.241', /* optional configuration parameters */ /* FIDO2 is phishing-resistent by binding generated credentials to a scope. * Browsers will only invoke the registration/authentication if the scope * matches the principal domain name the user is currently visiting. * If not specified, the scope will be the hostname of the IdP as per * its metadata. It is permissible to widen the scope up to the prinicpal * domain though (e.g. authentication service is "saml.example.com" => scope * can be extended to "example.com"; but not "examp1e.com". A registered * FIDO2 token can then also be used on other servers in the same domain. * If configuring this item, be sure that the authentication server name and * the desired scope are a suffix match. * * If you do not control the entirety of your second-level domain, you must * set the scope here explicitly to your own hostname to prevent some * contrived attack scenarios with other servers in that same second-level * domain. */ 'scope' => 'eduid.hu', /* the following will interactively ask the user if he is willing to share * manufacturer and model information during credential registration. * The user can decline, in which case registration will still succeed but * vendor and model will be logged as "unknown model [unknown vendor]" * * When not requesting this, there is one less user interaction during the * registration process; and no model information will be saved. * * defaults to "false" */ 'request_tokenmodel' => false, /* should FIDO2 be enabled by default for all users? If not, users need to * be white-listed in the database - other users simply pass through the * filter without being subjected to 2FA. * * defaults to "disabled by default" === false */ 'default_enable' => true, /* this parameter is used only if "use_database" is false. If the value of * "force" is true then we trigger WebAuthn only if "attrib_toggle" from the * user is not empty. If the value of "force" is false then we switch the value of * "default_enable" only if "attrib_toggle" from the user is not empty. * Default falue is true. */ 'force' => true, /* this parameter stores the name of the attribute that is sent with user and which * determines whether to trigger WebAuthn. * Default value is 'toggle' */ 'attrib_toggle' => 'toggle', /* this parameter determines if the database will be used to check * whether to trigger second factor authentication or use the "attrib_toggle" instead. * Default value of this attribute is true */ 'use_database' => true, /* optional parameter which determines whether you will be able to register and manage tokens * while authenticating or you want to use the standalone registration page for these * purposes. If set to false => standalone registration page, if true => inflow registration. * Defaults to true. */ 'use_inflow_registration' => true, /* optional parameter that determines what auth source will be used in standalone registration page. * Defaults to 'default-sp'. */ 'registration_auth_source' => 'default-sp', ```