saml2aws

Keycloak v25 support

Open schwoerb opened this issue 1 year ago • 1 comments

Keycloak v25 made changes to the UI that are causing issues with using WebAuthn. Even with latest, I cannot get WebAuthn working in v25, while it works with v24 in the same environment.

```
DEBU[0012] HTTP Res Status="200 OK" http=client
The provided key handle is not present on the device, or was created with a different application parameter.
error while getting Webauthn challenge
github.com/versent/saml2aws/v2/pkg/provider/keycloak.(*Client).postWebauthnForm
    github.com/versent/saml2aws/v2/pkg/provider/keycloak/keycloak.go:306
github.com/versent/saml2aws/v2/pkg/provider/keycloak.(*Client).doAuthenticate
    github.com/versent/saml2aws/v2/pkg/provider/keycloak/keycloak.go:138
github.com/versent/saml2aws/v2/pkg/provider/keycloak.(*Client).Authenticate
    github.com/versent/saml2aws/v2/pkg/provider/keycloak/keycloak.go:95
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
    github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:107
main.main
    github.com/versent/saml2aws/v2/cmd/saml2aws/main.go:196
runtime.main
    runtime/proc.go:271
runtime.goexit
    runtime/asm_arm64.s:1222
error posting Webauthn form
github.com/versent/saml2aws/v2/pkg/provider/keycloak.(*Client).doAuthenticate
    github.com/versent/saml2aws/v2/pkg/provider/keycloak/keycloak.go:140
github.com/versent/saml2aws/v2/pkg/provider/keycloak.(*Client).Authenticate
    github.com/versent/saml2aws/v2/pkg/provider/keycloak/keycloak.go:95
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
    github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:107
main.main
    github.com/versent/saml2aws/v2/cmd/saml2aws/main.go:196
runtime.main
    runtime/proc.go:271
runtime.goexit
    runtime/asm_arm64.s:1222
Error authenticating to IdP.
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
    github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:109
main.main
    github.com/versent/saml2aws/v2/cmd/saml2aws/main.go:196
runtime.main
    runtime/proc.go:271
runtime.goexit
    runtime/asm_arm64.s:1222
```

schwoerb avatar Jun 26 '24 13:06 schwoerb

I am able to successfully use my YubiKey 4 against Keycloak on Keycloak 25, but once I use a YubiKey 5, I get the same error.

I am guessing it's related to FIDO1/U2F vs FIDO2.

archoversight avatar Jul 03 '24 21:07 archoversight