wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Passkey authentication doesn't work when usernameless is disabled and using as 1FA #17490

Closed ThaminduDilshan closed 8 months ago

ThaminduDilshan commented 8 months ago

Describe the issue: Passkey authentication doesn't work when progressive enrollment is enabled and usernameless authentication is disabled. It says a browser change is detected.

[2023-11-01 12:16:31,439] [4bc558c3-fcbb-467d-ab5f-2afc004c34a5]  WARN {org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler} - Session nonce cookie validation has failed for the sessionDataKey: 861a72f1-494b-4274-90c8-154bf090adf6. Hence, restarting the login flow.

https://github.com/wso2/product-is/assets/35653110/dada362f-e37b-410a-a281-6842dbebeac7

Note: I'm trying out this flow in a tenant (tenant1.com)

How to reproduce:

  1. Go to Connections -> Passkeys, disable passkey usernameless authentication and enable passkey progressive enrollment
  2. Create an app and add passkey authentication to the sign-in flow (used the template)
  3. Log in to the application by selecting passkeys, then enter the username and proceed.


ThaminduDilshan commented 8 months ago

This flow works in the super tenant

ThaminduDilshan commented 8 months ago

Passkey progressive enrollment is also not working for tenants, but works in the super tenant.

The following error gets printed in the terminal, but it seems unrelated, or the original exception gets wrapped by this exception.

[2023-11-01 16:42:53,147] [f679c6ad-bf7b-428a-b1da-3c0ad6d2b512] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - Authentication failed exception! FIDO2 trusted origin: https://localhost:9443 sent in the request is invalid.

https://github.com/wso2/product-is/assets/35653110/0191c600-d98c-4aa9-98ad-3906b104f97e
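The second log line above is the relying party rejecting the `origin` carried in the WebAuthn `clientDataJSON` because it is not on its trusted-origin list. The block below is an added illustration of that check, written for this page; it is not WSO2 Identity Server code and does not reproduce how the product stores its configuration. It assumes a hypothetical per-tenant allowlist (`TRUSTED_ORIGINS`, with the constructed tenant `tenant1.com` mapped to a made-up origin) so that the same assertion from `https://localhost:9443` passes for the super tenant and fails for the tenant, which is the split the reporter observed. It also shows the two checks that belong beside the origin check for an assertion: the ceremony `type` and the challenge echoed back by the browser.

```python
"""Illustrative WebAuthn clientDataJSON verification (added example, not WSO2 code)."""
import base64
import hmac
import json
from urllib.parse import urlsplit

# Hypothetical per-tenant allowlist. Stands in for whatever the deployment
# configures; the tenant names and the tenant1.com origin are constructed.
TRUSTED_ORIGINS = {
    "carbon.super": {"https://localhost:9443"},
    "tenant1.com": {"https://is.tenant1.example:9443"},
}

_DEFAULT_PORTS = {"https": 443, "http": 80}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def normalize_origin(origin: str) -> str:
    """Canonical scheme://host:port. Lower-cases the host, drops any path and
    fills in the default port, so 'https://Localhost:9443/' equals
    'https://localhost:9443' while 'https://localhost' (port 443) does not."""
    parts = urlsplit(origin)
    if parts.scheme not in _DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"malformed origin: {origin!r}")
    port = parts.port or _DEFAULT_PORTS[parts.scheme]
    return f"{parts.scheme}://{parts.hostname}:{port}"


def make_client_data(type_: str, challenge: bytes, origin: str) -> str:
    """Build the base64url clientDataJSON a browser would send (constructed input)."""
    doc = {"type": type_, "challenge": b64url_encode(challenge),
           "origin": origin, "crossOrigin": False}
    return b64url_encode(json.dumps(doc, separators=(",", ":")).encode())


def verify_client_data(tenant: str, expected_challenge: bytes,
                       client_data_b64url: str, ceremony: str = "webauthn.get") -> str:
    """Check type, challenge and origin; return the normalized origin or raise."""
    c = json.loads(b64url_decode(client_data_b64url))
    if c.get("type") != ceremony:
        raise ValueError(f"unexpected clientData type {c.get('type')!r}")
    # Constant-time compare of the challenge the RP issued for this session.
    if not hmac.compare_digest(b64url_decode(c.get("challenge", "")), expected_challenge):
        raise ValueError("challenge mismatch")
    origin = normalize_origin(c.get("origin", ""))
    allowed = {normalize_origin(o) for o in TRUSTED_ORIGINS.get(tenant, ())}
    if origin not in allowed:
        # The condition behind the "trusted origin ... is invalid" log line.
        raise ValueError(f"FIDO2 trusted origin: {c['origin']} sent in the request is invalid")
    return origin


def is_trusted(tenant: str, expected_challenge: bytes,
               client_data_b64url: str, ceremony: str = "webauthn.get") -> bool:
    try:
        verify_client_data(tenant, expected_challenge, client_data_b64url, ceremony)
        return True
    except (ValueError, TypeError):
        return False


if __name__ == "__main__":
    challenge = b"\x01" * 32
    cd = make_client_data("webauthn.get", challenge, "https://localhost:9443")
    for tenant in TRUSTED_ORIGINS:
        try:
            print(tenant, "->", verify_client_data(tenant, challenge, cd))
        except ValueError as err:
            print(tenant, "->", err)
```

Run as written, it accepts the assertion for `carbon.super` and prints the rejection for `tenant1.com`, because the tenant's allowlist does not contain the origin the browser reported. Whether the real product keeps the list per tenant or globally is exactly the point to confirm when debugging the report above; the origin string in the log is the value to compare against that list after normalization.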