wp-webauthn

Unable to register yubi keys

Open ChrisPrior86 opened this issue 2 years ago • 9 comments

I have ensured gmp and mbstring are enabled on my WordPress hosting site but cannot register yubi keys (including yubi 4). Is there a restriction on which version of key can be used? The general information suggests that webauthn should work with any of the u2f keys. The only config item with mbstring that may be an issue that I can see is that HTTP input encoding translation is Disabled. Does that need to be changed? Client is Gentoo Linux, browser Google Chrome 99.0 4844.51

Thanks Chris

ChrisPrior86 avatar Mar 18 '22 13:03 ChrisPrior86

There is a logging option in the plug-in's settings page. Could you pls provide logs for the failed registration?

yrccondor avatar Mar 18 '22 14:03 yrccondor

Here is the log entry

[2022-03-18 11:56:49][cc880a] PHP Version => 7.4.28, WordPress Version => 5.9.2, WP-WebAuthn Version => 1.2.6
[2022-03-18 11:56:49][cc880a] Current config: first_choice => "true", website_name => "All Saints\' Church Breadsall", website_domain => "www.breadsallchurch.org.uk", remember_me => "false", user_verification => "false", allow_authenticator_type => "none", usernameless_login => "false"
[2022-03-18 11:56:49][cc880a] Logger initialized
[2022-03-18 11:56:49][cc880a] website_name: "All Saints\' Church Breadsall"->"All Saints\\\' Church Breadsall"
[2022-03-18 11:56:49][cc880a] user_verification: "false"->"true"
[2022-03-18 11:57:16][051801] ajax_create: Start
[2022-03-18 11:57:16][051801] ajax_create: name => "yubi 1", type => "none", usernameless => "false"
[2022-03-18 11:57:16][051801] ajax_create: user => "chris"
[2022-03-18 11:57:16][051801] ajax_create: excludeCredentials => []
[2022-03-18 11:57:16][051801] ajax_create: user_verification => "true"
[2022-03-18 11:57:16][051801] ajax_create: Challenge sent
[2022-03-18 11:57:57][24e14e] ajax_create: Start
[2022-03-18 11:57:57][24e14e] ajax_create: name => "yubi 4", type => "none", usernameless => "false"
[2022-03-18 11:57:57][24e14e] ajax_create: user => "chris"
[2022-03-18 11:57:57][24e14e] ajax_create: excludeCredentials => []
[2022-03-18 11:57:57][24e14e] ajax_create: user_verification => "true"
[2022-03-18 11:57:57][24e14e] ajax_create: Challenge sent
[2022-03-18 12:24:43][c27585] ajax_auth: Start
[2022-03-18 12:24:43][c27585] ajax_auth: type => "auth", user => "chris1"
[2022-03-18 12:24:43][c27585] ajax_auth: User not initialized, initialize
[2022-03-18 12:24:43][c27585] ajax_auth: allowedCredentials => []
[2022-03-18 12:24:43][c27585] ajax_auth: user_verification => "true"
[2022-03-18 12:24:43][c27585] ajax_auth: Challenge sent
[2022-03-18 13:03:48][00be7f] website_name: "All Saints\\\' Church Breadsall"->"All Saints Church Breadsall"
[2022-03-18 13:03:48][00be7f] website_domain: "www.breadsallchurch.org.uk"->"breadsallchurch.org.uk"
[2022-03-18 13:04:11][4ae878] ajax_create: Start
[2022-03-18 13:04:11][4ae878] ajax_create: name => "yubi 1", type => "none", usernameless => "false"
[2022-03-18 13:04:11][4ae878] ajax_create: user => "chris"
[2022-03-18 13:04:11][4ae878] ajax_create: excludeCredentials => []
[2022-03-18 13:04:11][4ae878] ajax_create: user_verification => "true"
[2022-03-18 13:04:11][4ae878] ajax_create: Challenge sent

ChrisPrior86 avatar Mar 18 '22 19:03 ChrisPrior86

The browser provides a message that I may require a newer or different type of key. I have tried several different fido u2f keys from 4 different manufacturers.

ChrisPrior86 avatar Mar 18 '22 19:03 ChrisPrior86

Seems like you have user verification enabled. U2F doesn't support user verification however and the procedure failed on the browser side.

yrccondor avatar Mar 18 '22 21:03 yrccondor

Changing that makes no difference. Seems that sodium is required. Never heard of that.

[2022-03-18 19:36:53][423770] ajax_create: Start
[2022-03-18 19:36:53][423770] ajax_create: name => "Yubi", type => "none", usernameless => "false"
[2022-03-18 19:36:53][423770] ajax_create: user => "chris"
[2022-03-18 19:36:53][423770] ajax_create: excludeCredentials => []
[2022-03-18 19:36:53][423770] ajax_create: user_verification => "true"
[2022-03-18 19:36:53][423770] ajax_create: Challenge sent
[2022-03-18 19:37:54][1c27e4] ajax_create: Start
[2022-03-18 19:37:54][1c27e4] ajax_create: name => "Yubi", type => "none", usernameless => "false"
[2022-03-18 19:37:54][1c27e4] ajax_create: user => "chris"
[2022-03-18 19:37:54][1c27e4] ajax_create: excludeCredentials => []
[2022-03-18 19:37:54][1c27e4] ajax_create: user_verification => "true"
[2022-03-18 19:37:54][1c27e4] ajax_create: Challenge sent
[2022-03-18 22:05:27][0d6e07] user_verification: "true"->"false"
[2022-03-18 22:05:53][e99606] ajax_create: Start
[2022-03-18 22:05:53][e99606] ajax_create: name => "yubi", type => "none", usernameless => "false"
[2022-03-18 22:05:53][e99606] ajax_create: user => "chris"
[2022-03-18 22:05:53][e99606] ajax_create: excludeCredentials => []
[2022-03-18 22:05:53][e99606] ajax_create: user_verification => "false"
[2022-03-18 22:05:53][e99606] ajax_create: Challenge sent
[2022-03-18 22:05:58][46269d] ajax_create_response: Client response received
[2022-03-18 22:05:58][46269d] ajax_create_response: name => "yubi", type => "none", usernameless => "false"
[2022-03-18 22:05:58][46269d] ajax_create_response: data => {"id":"5PFlQoJAQkpt9tBtoSH3jcWu4b2F7tfvLSIsirqp12rN0dcGD5LGiAcTEQpa9leOnMYTFioxBoqPlNwc0hFwYQ","type":"public-key","rawId":"5PFlQoJAQkpt9tBtoSH3jcWu4b2F7tfvLSIsirqp12rN0dcGD5LGiAcTEQpa9leOnMYTFioxBoqPlNwc0hFwYQ==","response":{"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiNTlQV1FTUjhkN1FOZlNxSFV5TWZ4clB2emw0RFZQc3lSX3F5WjR6S2xmayIsIm9yaWdpbiI6Imh0dHBzOi8vd3d3LmJyZWFkc2FsbGNodXJjaC5vcmcudWsiLCJjcm9zc09yaWdpbiI6ZmFsc2V9","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEIzhm+TPpHQCUHMFs7oxwe2j7cKCrJscX4VHFQY+R0BZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOTxZUKCQEJKbfbQbaEh943FruG9he7X7y0iLIq6qddqzdHXBg+SxogHExEKWvZXjpzGExYqMQaKj5TcHNIRcGGlAQIDJiABIVggAAuoRwb5bhhxLpKN0IgIoAfkwbOZeGS6ZLuj0zDOXCsiWCCUOHwUOEgfVtRRQINB7mNFc6qJJSgZfCTH7C8CltsuqQ=="}}
[2022-03-18 22:05:58][46269d] ajax_create_response: Credential ID unique check passed
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)The extension "sodium" is not available. Please install it to use this method
[2022-03-18 22:05:58][46269d] Traceback:
1) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-admin/admin-ajax.php(187): do_action('wp_ajax_wwa_cre...')
2) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/plugin.php(474): WP_Hook->do_action(Array)
3) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array)
4) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/class-wp-hook.php(307): wwa_ajax_create_response('')
5) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/wwa-ajax.php(476): Webauthn\Server->loadAndCheckAttestationResponse('{"id":"5PFlQoJA...', Object(Webauthn\PublicKeyCredentialCreationOptions), Object(Nyholm\Psr7\ServerRequest))
6) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/Server.php(250): Webauthn\Server->getAttestationStatementSupportManager()
7) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/Server.php(336): Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport->__construct()
8) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/AttestationStatement/AndroidSafetyNetAttestationStatementSupport.php(97): Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport->initJwsVerifier()
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)Challenge not verified, exit

ChrisPrior86 avatar Mar 18 '22 22:03 ChrisPrior86

sodium is a built-in PHP extension for encryption since PHP 7.2. Please check your php.ini (extension=sodium) or contact your server manager.

We'll add a warning in the settings page if sodium is not installed, starting with the next version.

yrccondor avatar Mar 18 '22 22:03 yrccondor
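
An added example, not part of the thread or of the plug-in's own code: a Python script that splits the plug-in's log into entries and classifies each registration attempt as failing in the browser (challenge sent, no client response) or on the server (an `(ERROR)` entry). The sample log is abridged from the entries quoted above; the six-hex-digit request ID pattern and the assumption that only one user registers at a time are inferred from those entries.

```python
import re

# Constructed sample, abridged from the log entries quoted in this thread.
SAMPLE_LOG = """\
[2022-03-18 11:57:16][051801] ajax_create: Start
[2022-03-18 11:57:16][051801] ajax_create: user_verification => "true"
[2022-03-18 11:57:16][051801] ajax_create: Challenge sent
[2022-03-18 22:05:53][e99606] ajax_create: Start
[2022-03-18 22:05:53][e99606] ajax_create: user_verification => "false"
[2022-03-18 22:05:53][e99606] ajax_create: Challenge sent
[2022-03-18 22:05:58][46269d] ajax_create_response: Client response received
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)The extension "sodium" is not available. Please install it to use this method
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)Challenge not verified, exit
"""

# "[timestamp][request id] " prefix; the 6-hex-digit id is inferred from the thread.
PREFIX = re.compile(r"\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\[([0-9a-f]{6})\] ")

def split_entries(text):
    """Return (timestamp, request_id, message) tuples, even when entries share a line."""
    parts = PREFIX.split(text)  # ['', ts, id, msg, ts, id, msg, ...]
    return [(parts[i], parts[i + 1], parts[i + 2].strip())
            for i in range(1, len(parts), 3)]

def triage(text):
    """Classify each registration attempt, assuming one user registers at a time."""
    attempts, cur = [], None
    for ts, _rid, msg in split_entries(text):
        if msg == "ajax_create: Start":
            cur = {"started": ts, "uv": None, "response": False, "errors": []}
            attempts.append(cur)
        elif cur is None:
            continue  # entries logged before the first registration attempt
        elif msg.startswith("ajax_create: user_verification =>"):
            cur["uv"] = msg.split('"')[1]
        elif msg == "ajax_create_response: Client response received":
            cur["response"] = True  # logged under a new request id, so match by order
        elif msg.startswith("ajax_create_response: (ERROR)"):
            cur["errors"].append(msg.split("(ERROR)", 1)[1])
    for a in attempts:
        a["verdict"] = ("browser-side: challenge sent, no client response" if not a["response"]
                        else "server-side: " + a["errors"][0] if a["errors"] else "ok")
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["started"], "user_verification=" + str(a["uv"]), "->", a["verdict"])
```

A browser-side verdict with `user_verification` set to `"true"` matches the U2F limitation described in the reply above; a server-side verdict carries the first error message, here the missing `sodium` extension.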

I have the same problem. PHP 8.0, Yubikey

What is sodium? :) This one? https://www.php.net/manual/en/sodium.installation.php that seems embedded in PHP?

[2022-03-23 18:02:44][3375b5] ajax_create_response: Credential ID unique check passed
[2022-03-23 18:02:44][3375b5] ajax_create_response: (ERROR)Out of range. Expected: 45963, read: 126.

Trapulo avatar Mar 23 '22 15:03 Trapulo

> What is sodium?

It's a built-in PHP extension but not enabled by default on some PHP instances. You need to check whether you have enabled it.

> (ERROR)Out of range. Expected: 45963, read: 126.

Have never seen this error before. I'll try to figure it out.

Sorry for the late response.

yrccondor avatar May 09 '22 12:05 yrccondor

> I have the same problem. PHP 8.0, Yubikey
>
> What is sodium? :) This one? https://www.php.net/manual/en/sodium.installation.php that seems embedded in PHP?
>
> [2022-03-23 18:02:44][3375b5] ajax_create_response: Credential ID unique check passed
> [2022-03-23 18:02:44][3375b5] ajax_create_response: (ERROR)Out of range. Expected: 45963, read: 126.

What model of yubikey do you have? Also, are either Require user verification or Allow to login without username active?

My1 avatar Jan 12 '24 10:01 My1