
registration fails due to trusted facets not used

Open cornelinux opened this issue 7 years ago • 1 comments

Environment:

  • Ubuntu 16.04
  • Firefox 53
  • Yubikey 4
  • Backend privacyIDEA

It looks like this Firefox add-on does not support trusted facets, at least during enrollment.

Scenario 1 - works with FF+u2f4moz and Chrome

Register the U2F device on a machine called https://puck.az.intern. The AppId is set to https://puck.az.intern.

Scenario 2 - works with Chrome - does not work with FF+u2f4moz

Register the U2F device on a machine called https://puck.az.intern. The AppId is set to https://puck2.az.inter/u2f, which provides a list of trusted facets:

{
  "trustedFacets": [
    {
      "version": {
        "major": 1,
        "minor": 0
      },
      "ids": [
        "https://puck.az.intern",
        "https://puck2.az.intern/u2f"
      ]
    }
  ]
}

The registration works nicely with Chrome. FF produces a U2F timeout. The YubiKey does not blink.

cornelinux, Apr 28 '17 10:04

I use this too, and I just found that the trusted facets JSON should be served with:

Content-Type: application/fido.trusted-apps+json

As specified here: https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-appid-and-facets-ps-20141009.pdf

The extension does work with U2F facets, but checks that the facets are served with the expected content-type and will silently fail if not.

baloo, Jul 06 '17 20:07
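A diagnostic for the failure discussed in this thread, as an added example that is not part of the issue and is not u2f4moz code: it validates one trusted-facets response the way a strict client would and returns the reason for rejection instead of failing silently. The function name `checkTrustedFacets`, its return shape, and the choice to match the caller's facet by exact string are assumptions; the sample body is constructed from the JSON posted above.

```javascript
// Added example; names are hypothetical and not taken from u2f4moz.
const FIDO_MIME = "application/fido.trusted-apps+json";

// Validate one fetched trusted-facets response for a calling facet (web origin).
// Returns { ok, reason } so a rejected response is explained, not swallowed.
function checkTrustedFacets(contentType, body, facetId) {
  // Compare the media type only: drop parameters such as "; charset=utf-8".
  const mime = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (mime !== FIDO_MIME) {
    return { ok: false, reason: `content-type is "${mime}", expected "${FIDO_MIME}"` };
  }
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    return { ok: false, reason: "body is not valid JSON" };
  }
  if (!doc || !Array.isArray(doc.trustedFacets)) {
    return { ok: false, reason: "missing trustedFacets array" };
  }
  // Pick the entry whose version matches the one in the thread's JSON (1.0).
  const entry = doc.trustedFacets.find(
    (e) => e && e.version && e.version.major === 1 && e.version.minor === 0
  );
  if (!entry || !Array.isArray(entry.ids)) {
    return { ok: false, reason: "no version 1.0 entry with an ids array" };
  }
  // Assumption: the caller is a browser page, so only https ids are considered.
  const ids = entry.ids.filter((id) => typeof id === "string" && id.startsWith("https://"));
  if (!ids.includes(facetId)) {
    return { ok: false, reason: `facet ${facetId} is not listed` };
  }
  return { ok: true, reason: "facet is trusted" };
}

// Constructed sample: the facet list posted in the issue.
const SAMPLE_BODY = JSON.stringify({
  trustedFacets: [{
    version: { major: 1, minor: 0 },
    ids: ["https://puck.az.intern", "https://puck2.az.intern/u2f"],
  }],
});

// Same body, two Content-Type headers: a generic JSON type, then the FIDO type.
console.log(checkTrustedFacets("application/json", SAMPLE_BODY, "https://puck.az.intern"));
console.log(checkTrustedFacets(FIDO_MIME + "; charset=utf-8", SAMPLE_BODY, "https://puck.az.intern"));
```

The check does not cover the rule that facets must share a registrable domain with the AppId, which needs a public suffix list.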