manager icon indicating copy to clipboard operation
manager copied to clipboard

Published 20 hours ago verified publisher icon ovh

U2F Support on safari

Open zmilonas opened this issue 3 years ago • 4 comments

Describe the bug Not possible to use U2F keys in Safari

To Reproduce Steps to reproduce the behavior:

  1. Go to the security settings page (https://www.ovh.com/manager/dedicated/#/useraccount/security)
  2. Click on add key under U2F
  3. A popup is displayed instructing to insert the key and press the button on it
  4. Nothing happens, the key doesn't react.

Expected behavior I expected my YubiKey to light up and let me authenticate

Desktop:

  • OS: macOS Catalina
  • Browser Safari
  • Version 14

Additional context Maybe WebAuthn could be implemented?

https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/

zmilonas avatar Nov 13 '20 23:11 zmilonas

Hi @zmilonas!

Thanks for reporting us this issue. We are investigating and we will keep you posted as soon as a patch is deployed.

Thank you!

antleblanc avatar Nov 16 '20 07:11 antleblanc

Also experiencing this issue on us.ovhcloud.com using both mac and windows.

Desktop 1: OS: macOS Catalina Browser: Chrome Version: 87.0.4280.88 (Official Build) (x86_64)

Desktop 2: OS: Windows 10 Browser: Chrome Version: 86.0.4240.198 (Official Build) (x86_64)

Works properly using Firefox 83.0

ajziehl avatar Dec 04 '20 20:12 ajziehl

Hey @antleblanc are there any updates? Because of this bug and https://github.com/ovh/manager/issues/3013#issuecomment-803447232 these issues using your panel became a hassle and I'm already not recommending OVH services to anyone and starting to move off my countless domains from your service.

zmilonas avatar Sep 30 '21 12:09 zmilonas

@antleblanc i have the same problem

lolen avatar May 09 '22 22:05 lolen

bump, same thing, windows machine

it's 2 years now since it was reported

dzek69 avatar Nov 11 '22 19:11 dzek69

@dzek69 if you really want to add support for u2f, configure add keys through Firefox and then use your other browser it worked for me

lolen avatar Nov 12 '22 15:11 lolen

@lolen thanks for suggestion, but i think i'll pass. If the adding the key is buggy and that's not the only buggy thing unfortunately about the manager I may some day get locked out of the account because using the key when logging in may get buggy too.

dzek69 avatar Nov 13 '22 16:11 dzek69

I have the same problem, Windows machine, Chrome 108. Works on Firefox, however I don't want to use it just for this one specific site, not really a solution for me.

Ernshow avatar Dec 20 '22 22:12 Ernshow

This issue persists for me as well, Windows 10, Chrome Version 109.0.5414.120 (Official Build) (64-bit). Any info you need to help debug would be great, I would be happy to provide.

Brandin avatar Jan 29 '23 18:01 Brandin

Was the same for me but it is not much effort to use firefox to add the security key after that it works on all browsers to authenticate.

Dazzler1985 avatar Feb 21 '23 03:02 Dazzler1985

VM411:545 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null').

https://askubuntu.com/questions/844090/what-is-cryptotokenextension-in-chromium-extensions

https://codesearch.debian.net/search?q=kmendfapggjehodndflmmgagdbamhnfd&literal=1

Mayby isse is related to: https://developer.chrome.com/blog/deps-rems-95/#deprecate-u2f-api-cryptotoken

dansleboby avatar Apr 03 '23 15:04 dansleboby

Just found the same with my Fido Key on safari when trying to add 2FA. https://www.ovh.com/manager/#/dedicated/useraccount/security/mfa

Michael-MCP avatar Apr 11 '23 08:04 Michael-MCP

The same with chrome. This still does not work.

OVH developers, have fun: https://thenewstack.io/deprecation-from-u2f-api-to-webauthn/

Teeed avatar Apr 27 '23 10:04 Teeed

I noticed that Firefox used to work after Chrome disabled this but it is no longer working. The workaround is to install older Firefox (107.0) that still supports U2F.

On Windows the easiest way to do it and not to overwrite local browsers is to run scoop: scoop install [email protected] and run Firefox from ~/scoop/apps/firefox/107.0/firefox.exe

After you are done simple scoop uninstall firefox will remove it from the system, no traces left :)

alkuzad avatar Jul 02 '23 18:07 alkuzad

You should fix this ASAP, it's quite embarrassing. Moving to WebAuthn would also enable creation of passkeys. Currently enrolled security keys still work at login, but registration does not on any modern browser. Related issues #9632 #9705.

orazioedoardo avatar Sep 26 '23 11:09 orazioedoardo

Hey, for the people that have subscribed this ticket to get informed, it works, and now passkeys works too (iCloud (bug aware, duplicated entry name at login), and Samsung Pass One Ui 6.0, Google's android pass is not (as of 14) ), and key removal is working. (MacOS Safari 17 and Chrome 119, Samsung browser One Ui 6.0).

jonathandhn avatar Nov 07 '23 13:11 jonathandhn

bug aware, duplicated entry name at login

One of the entry is for ovh.com, the other is for (eu|ca|us).ovhcloud.com. If you saved for one domain the passkey/security key won’t work for the other so you need to guess which one is correct. Removing and adding the key seems to fix duplicate.

orazioedoardo avatar Nov 07 '23 15:11 orazioedoardo