WebAuthn / Passkey Registration Issue

Open wisebaldone opened this issue 1 year ago • 10 comments
https://github.com/lukin/keywind/blob/bdf966fdae0071ccd46dab4efdc38458a643b409/theme/keywind/login/webauthn-register.ftl#L47C11-L47C11

I was getting compilation issues on the above line for Keycloak 23.0.3, made the adjustments to

signatureAlgorithms: '<#list signatureAlgorithms as sigAlg>${sigAlg}<#sep>,</#list>'

and seemed to be resolved.

wisebaldone avatar Jan 16 '24 14:01 wisebaldone
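
The adjusted template line renders the `signatureAlgorithms` sequence as one comma-separated string. As an added example (not code from keywind or Keycloak), this is one way client code could turn such a string, or an already-parsed array, into WebAuthn `pubKeyCredParams` entries while rejecting malformed values. The function name `toPubKeyCredParams` and the ES256 fallback for an empty list are assumptions.

```typescript
// Added example; the names below are hypothetical, not keywind's or Keycloak's.
interface PubKeyCredParam {
  type: "public-key";
  alg: number; // COSE algorithm identifier, e.g. -7 (ES256) or -257 (RS256)
}

// Assumption: fall back to ES256 when no algorithm is configured.
const DEFAULT_ALG = -7;

function toPubKeyCredParams(
  input: string | ReadonlyArray<string | number>
): PubKeyCredParam[] {
  // Accept the comma-joined string a template emits as well as a plain array.
  const raw = typeof input === "string" ? input.split(",") : input.map((v) => String(v));
  const seen = new Set<number>();
  const params: PubKeyCredParam[] = [];

  for (const item of raw) {
    const text = item.trim();
    if (text === "") continue; // tolerate an empty string or a trailing comma

    // Only plain integers are valid identifiers; reject "[]", "-7abc", "1e3".
    if (!/^-?\d+$/.test(text)) {
      throw new TypeError("invalid COSE algorithm identifier: " + JSON.stringify(text));
    }

    const alg = Number(text);
    if (seen.has(alg)) continue; // drop duplicates, keep first-seen order
    seen.add(alg);
    params.push({ type: "public-key", alg });
  }

  if (params.length === 0) {
    params.push({ type: "public-key", alg: DEFAULT_ALG });
  }
  return params;
}
```
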

I have the same problem:

2024-01-20 16:30:54,452 ERROR [org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider] (executor-thread-1) Failed to process template: org.keycloak.theme.FreeMarkerException: Failed to process template webauthn-register.ftl
    at org.keycloak.theme.freemarker.DefaultFreeMarkerProvider.processTemplate(DefaultFreeMarkerProvider.java:52)
    at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.processTemplate(FreeMarkerLoginFormsProvider.java:559)
    at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createForm(FreeMarkerLoginFormsProvider.java:352)
    at org.keycloak.authentication.requiredactions.WebAuthnRegister.requiredActionChallenge(WebAuthnRegister.java:165)
    at org.keycloak.services.managers.AuthenticationManager.executeAction(AuthenticationManager.java:1335)
    at org.keycloak.services.managers.AuthenticationManager.lambda$executionActions$18(AuthenticationManager.java:1282)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
    at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:400)
    at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
    at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
    at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
    at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:528)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
    at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647)
    at org.keycloak.services.managers.AuthenticationManager.executionActions(AuthenticationManager.java:1283)
    at org.keycloak.services.managers.AuthenticationManager.actionRequired(AuthenticationManager.java:1171)
    at org.keycloak.services.managers.AuthenticationManager.nextActionAfterAuthentication(AuthenticationManager.java:1018)
    at org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:1053)
    at org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:1035)
    at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$requiredActionGET_900f1400af417d7ade6b5fdd106784903c8de34e.invoke(Unknown Source)
    at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
    at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
    at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: freemarker.core.NonStringOrTemplateOutputException: For "${...}" content: Expected a string or something automatically convertible to string (number, date or boolean), or "template output" , but this has evaluated to a sequence (wrapper: f.t.SimpleSequence):
==> signatureAlgorithms!"[]"?no_esc [in template "webauthn-register.ftl" at line 47, column 42]

majdslmt avatar Jan 20 '24 17:01 majdslmt

@lukin did you want to keep a level of backwards compatibility or are you okay with me submitting a pull request to make minimum Keycloak v23 with the required fixes?

wisebaldone avatar Feb 02 '24 01:02 wisebaldone

@wisebaldone your fix works, but after that the Register button doesn't work

youss6f avatar Feb 05 '24 19:02 youss6f

@youss6f a Firefox user I'm guessing, it has an unrelated issue which is https://github.com/lukin/keywind/blob/bdf966fdae0071ccd46dab4efdc38458a643b409/src/data/webAuthnRegister.ts#L171 isn't the correct type so the if statement bails out, works on Chrome though:

In my fix I just blindly cast it

let cred = result as PublicKeyCredential;
let response = cred.response as AuthenticatorAttestationResponse;

and rewrote the rest of the handler to use the casted variables. You'll need to do the same for webAuthnAuthenticate for Firefox.

wisebaldone avatar Feb 06 '24 13:02 wisebaldone
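
As an added example (not keywind's code and not the fix posted in this thread), a structural type guard is one alternative to a blind cast: it checks the shape of whatever `navigator.credentials.create()` resolved to before the handler reads it. The interface and function names are assumptions, and the sample objects in a test would be constructed stand-ins for a browser credential.

```typescript
// Added example; structural check as an alternative to a blind cast.
// All names here are hypothetical.
interface AttestationLike {
  clientDataJSON: ArrayBuffer;
  attestationObject: ArrayBuffer;
}

interface CredentialLike {
  type: "public-key";
  rawId: ArrayBuffer;
  response: AttestationLike;
}

function isBuffer(v: unknown): v is ArrayBuffer {
  // Compares the object's class tag rather than its constructor identity.
  return Object.prototype.toString.call(v) === "[object ArrayBuffer]";
}

function isAttestationCredential(result: unknown): result is CredentialLike {
  if (typeof result !== "object" || result === null) return false;
  const cred = result as Record<string, unknown>;
  if (cred["type"] !== "public-key" || !isBuffer(cred["rawId"])) return false;

  const resp = cred["response"];
  if (typeof resp !== "object" || resp === null) return false;
  const r = resp as Record<string, unknown>;

  // An assertion (login) response has no attestationObject, so it fails here.
  return isBuffer(r["clientDataJSON"]) && isBuffer(r["attestationObject"]);
}

function readRegistration(result: unknown) {
  if (!isAttestationCredential(result)) {
    throw new TypeError("credentials.create() did not return an attestation credential");
  }
  // After the guard, the fields are typed and safe to read without casts.
  return {
    rawId: new Uint8Array(result.rawId),
    clientDataJSON: new Uint8Array(result.response.clientDataJSON),
    attestationObject: new Uint8Array(result.response.attestationObject),
  };
}
```
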

> @youss6f a Firefox user I'm guessing, it has an unrelated issue which is
>
> https://github.com/lukin/keywind/blob/bdf966fdae0071ccd46dab4efdc38458a643b409/src/data/webAuthnRegister.ts#L171
>
> isn't the correct type so the if statement bails out, works on Chrome though: In my fix I just blindly cast it
>
> let cred = result as PublicKeyCredential; let response = cred.response as AuthenticatorAttestationResponse;
>
> and rewrote the rest of the handler to use the casted variables. You'll need to do the same for webAuthnAuthenticate for Firefox.

I'm a Chrome user. I just edited signatureAlgorithms: '<#list signatureAlgorithms as sigAlg>${sigAlg}<#sep>,</#list>' With that I got rid of the server problem error after login. But the Register button doesn't perform any action.

What else do I need to do? And could you maybe post a pull request or send your complete fix? I'm on the latest Keycloak version.

youss6f avatar Feb 06 '24 14:02 youss6f

@youss6f I've opened a pull request (#85) with a fix that works for both pre- and post-21 versions. It's basically your suggestion but with an extra check for previous versions where the old method was required

scheibling avatar Mar 03 '24 14:03 scheibling

any update on this?

useEffects avatar Mar 04 '24 08:03 useEffects

@useEffects There's a pull request with a fix (#85) pending

scheibling avatar Mar 04 '24 08:03 scheibling

can confirm, it solves the issue. thank you @scheibling

useEffects avatar Mar 04 '24 08:03 useEffects

While I'd love to take the credit, @paulwer did all the hard work, I just pasted it into a pull request :-) https://github.com/lukin/keywind/issues/57#issuecomment-1751943584

scheibling avatar Mar 04 '24 08:03 scheibling