Closed libregeek closed 11 months ago
How does your configuration look like - especially: do you use the separate registration page or inline?
I used the default behaviour in the Webauthn plugin. Here are my configurations:
config/module_webauthn.php
use SimpleSAML\Module\webauthn\WebAuthn\WebAuthnRegistrationEvent;
$config = [
/* Enable/disable Debug made */
'debug' => false,
/* required configuration parameters */
'store' => [
'webauthn:Database',
'database.dsn' => 'mysql:host=localhost;port=3306;dbname=simplesaml',
'database.username' => 'root',
'database.password' => 'xxxxxxxx',
],
'identifyingAttribute' => 'uid',
'attrib_displayname' => 'urn:oid:2.5.4.3',
'scope' => 'example.net',
config/config.php
10 => array(
'class' => 'webauthn:WebAuthn',
//'%precondition' => 'return $state["mfa_option"] === "webauthn";',
//'%precondition' => 'return false;',
'default_enable' => true,
'use_database' => true,
//'force' => true,
'attrib_toggle' => 'toggle'
),
In your paste, the part of config/modules_webauthn.php misses the entire array 'registration'? Is it like that in the actual config?
Particularly the entry 'registration' -> 'use_inflow_registration' is the interesting one.
I didn't change anything else other than the above. The rest are basically the default config from the dist file.
'policy_2fa' => [
'minimum_certification_level' => WebAuthnRegistrationEvent::CERTIFICATION_NOT_REQUIRED,
'aaguid_whitelist' => [ ],
'attestation_format_whitelist' => [ ],
],
'use_inflow_registration' => true,
'auth_source' => 'default-sp'
Does the same error occur when you set use_inflow_registration to false?
No. there is no error when use_inflow_registration
is false
Okay, that makes it a pretty clear bug for the (less tested) inflow registration. I can look at this closer next week.
For the time being, I did a blind workaround by initializing the delURL variable in the Controller/Webauthn.php:
$t->data['delURL'] = "";
I just pushed a candidate fix to master. Please confirm if this fixes the issue for you.
I tested this with use_inflow_registration = true
and no more error messages. Thanks
Thanks for confirming!
Installed and configured the webauthn module from the master branch and the following error occurred when trying for two-factor authentication: