Security Key not working under macosx

Open MisterBianco opened this issue 4 years ago • 3 comments

I am using a thetis u2f fido2 security key and when I use the command:

aws-adfs login --u2f-trigger-default --profile=master --adfs-host=HOSTNAME --no-ssl-verification

I get the following error:

Sending request for authentication
Waiting for additional authentication
Triggering authentication method: 'WAPO4R15C9P36B8RW0BK'
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/Users/_/.pyenv/versions/3.9.0/lib/python3.9/threading.py", line 950, in _bootstrap_inner
    self.run()
  File "/Users/_/.pyenv/versions/3.9.0/lib/python3.9/threading.py", line 888, in run
    self._target(*self._args, **self._kwargs)
  File "/Users/_/.pyenv/versions/3.9.0/lib/python3.9/site-packages/aws_adfs/_duo_authenticator.py", line 126, in _perform_authentication_transaction
    transaction_id = _begin_authentication_transaction(
  File "/Users/_/.pyenv/versions/3.9.0/lib/python3.9/site-packages/aws_adfs/_duo_authenticator.py", line 572, in _begin_authentication_transaction
    raise click.ClickException(
click.exceptions.ClickException: Cannot begin authentication process. The error response: {"stat": "FAIL", "message": "Unknown authentication method."}

I have ensured that the security key is set to be the default device, and I can see from the verbose printout that the query used to find u2f keys is returning 0 results as the key doesn't match the query. I can send the full verbose logs but would prefer it be non-public.

I have also verified that my system recognizes the key correctly.

aws-adfs version: 1.24.5
mac osx: 10.15.7
python version: 3.9.0

MisterBianco Jan 08 '21 00:01

Hi @MisterBianco, does your thetis u2f fido2 security key work with the same command on Linux?

pdecat Sep 21 '21 13:09

I think Duo dropped support for U2F and is now forcing webauthn. Had same thing start happening in my app recently (Golang).

Update: Looks like Google dropped u2f support and this caused some others to drop support for the protocol.

Ref: https://gitlab.com/gitlab-org/gitlab/-/issues/346662

bdwyertech Jan 30 '22 21:01

I'm working on moving from U2F to webauthn since last week. Interaction with website seems ok, but I'm facing issues performing the challenge with USB key.

pdecat Jan 31 '22 07:01