sipatel2 / shibboleth-webauthn

Apache License 2.0

Apple Interoperability? #6

Open gtkrug opened 2 years ago

gtkrug commented 2 years ago

I have been experimenting with this plugin to set up a WebAuthn+Shibboleth demo, and it worked quickly and easily with an Android+Chrome device, but I have had no luck getting it to work with an Apple device. Looking at the log files I see:

shib-idp;idp-process.log;dev;nothing;2022-02-25 16:24:10,689 - 69.9.44.137 - ERROR [edu.duke.oit.idms.idp.authn.webauthn.RegistrationServlet:221] - Add credential finish failed with failure=java.lang.IllegalArgumentException: Failed to resolve attestation type; unknown attestation statement format: apple
shib-idp;idp-process.log;dev;nothing;com.yubico.webauthn.exception.RegistrationFailedException: java.lang.IllegalArgumentException: Failed to resolve attestation type; unknown attestation statement format: apple
shib-idp;idp-process.log;dev;nothing; at com.yubico.webauthn.RelyingParty.finishRegistration(RelyingParty.java:305)
shib-idp;idp-process.log;dev;nothing;Caused by: java.lang.IllegalArgumentException: Failed to resolve attestation type; unknown attestation statement format: apple
shib-idp;idp-process.log;dev;nothing; at com.yubico.webauthn.FinishRegistrationSteps$Step14.attestationType(FinishRegistrationSteps.java:443)
shib-idp;idp-warn.log;dev;nothing;2022-02-25 16:24:10,689 - 69.9.44.137 - ERROR [edu.duke.oit.idms.idp.authn.webauthn.RegistrationServlet:221] - Add credential finish failed with failure=java.lang.IllegalArgumentException: Failed to resolve attestation type; unknown attestation statement format: apple
shib-idp;idp-warn.log;dev;nothing;com.yubico.webauthn.exception.RegistrationFailedException: java.lang.IllegalArgumentException: Failed to resolve attestation type; unknown attestation statement format: apple
shib-idp;idp-warn.log;dev;nothing; at com.yubico.webauthn.RelyingParty.finishRegistration(RelyingParty.java:305)
shib-idp;idp-warn.log;dev;nothing; at edu.duke.oit.idms.idp.authn.webauthn.RegistrationServlet.doPost(RegistrationServlet.java:203)

Would using a newer version of the yubico library address this?

gtkrug commented 2 years ago

After looking at the other issues I realized I should just try upgrading some of the library versions. I think Yubico changed how they released them after 1.7, but by upgrading the 3 yubico libraries to 1.7 from 1.3, I was able to enable Apple devices in my little demo deploy.
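
A small log-triage script for the failure shown in this thread, added here as an example and not part of the original issue or the plugin's code: it counts failed registrations per rejected attestation format, counting once the copies written to both idp-process.log and idp-warn.log. The sample records, the 192.0.2.x addresses and the `example-fmt` value are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# One ERROR record per failed registration. The optional leading group is the
# "host;file;env;tag;" prefix seen in the excerpt above.
EVENT = re.compile(
    r"^(?:(?:[^;]*;){4})?"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - (?P<ip>\S+) - ERROR "
    r"\[[^\]:]+:\d+\] - Add credential finish failed .*"
    r"unknown attestation statement format: (?P<fmt>\S+)\s*$"
)

def rejected_formats(log_text):
    """Count distinct failed registrations per attestation statement format."""
    seen = set()
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            # The same event is logged to idp-process.log and idp-warn.log;
            # key on (timestamp, client, format) so it is counted once.
            seen.add((m["ts"], m["ip"], m["fmt"]))
    return Counter(fmt for _, _, fmt in seen)

# Constructed sample input modelled on the excerpt in this issue.
_MSG = ("{ts} - {ip} - ERROR "
        "[edu.duke.oit.idms.idp.authn.webauthn.RegistrationServlet:221] - "
        "Add credential finish failed with failure=java.lang.IllegalArgumentException: "
        "Failed to resolve attestation type; unknown attestation statement format: {fmt}")

def _record(logfile, ts, ip, fmt):
    return f"shib-idp;{logfile};dev;nothing;" + _MSG.format(ts=ts, ip=ip, fmt=fmt)

SAMPLE_LOG = "\n".join([
    _record("idp-process.log", "2022-02-25 16:24:10,689", "192.0.2.10", "apple"),
    # Stack-trace continuation lines carry no timestamp and are ignored.
    "shib-idp;idp-process.log;dev;nothing;Caused by: java.lang.IllegalArgumentException: "
    "Failed to resolve attestation type; unknown attestation statement format: apple",
    _record("idp-warn.log", "2022-02-25 16:24:10,689", "192.0.2.10", "apple"),
    _record("idp-process.log", "2022-02-25 16:31:02,114", "192.0.2.44", "apple"),
    _record("idp-warn.log", "2022-02-25 16:31:02,114", "192.0.2.44", "apple"),
    _record("idp-process.log", "2022-02-25 17:05:40,002", "192.0.2.10", "example-fmt"),
])

if __name__ == "__main__":
    for fmt, count in rejected_formats(SAMPLE_LOG).most_common():
        print(f"{fmt}: {count} failed registration(s)")
```
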