fix(fido2): Unable to register Fido2 devices #7701

Closed
mzico opened this issue Feb 12, 2024 · 3 comments
@mzico
Contributor

mzico commented Feb 12, 2024

  • Flex server with PostgreSQL

  • CASA installed

  • Unable to register any Fido2 devices (hardware tokens or Apple TouchID) due to the error below.

  • How to reproduce:

    • Install Flex with Fido2
    • Enable Fido2 script from Flex/Jans
    • Make this authentication method (fido2) available for use in "jans-casa"
    • Log into "jans-casa" and try to enroll your device.
  • Error in fido2.log:

12-02 20:28:55.855 ERROR [qtp1908143486-14] [jans.fido2.ws.rs.controller.AttestationController] (AttestationController.java:82) - Unknown Error: Failed to persist entry: 'jansId=19ffa515-30be-4ffc-b495-e9eed2200aee,ou=fido2_register,inum=58a79adb-01f1-4816-aaea-291920cda11f,ou=people,o=jans'
io.jans.orm.exception.EntryPersistenceException: Failed to persist entry: 'jansId=19ffa515-30be-4ffc-b495-e9eed2200aee,ou=fido2_register,inum=58a79adb-01f1-4816-aaea-291920cda11f,ou=people,o=jans'
	at io.jans.orm.sql.impl.SqlEntryManager.persist(SqlEntryManager.java:220) ~[jans-orm-sql-1.0.22.jar:?]
	at io.jans.orm.impl.BaseEntryManager.persist(BaseEntryManager.java:115) ~[jans-orm-core-1.0.22.jar:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
	at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38) ~[weld-core-impl-4.0.3.Final.jar:4.0.3.Final]
	at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-4.0.3.Final.jar:4.0.3.Final]
	at io.jans.orm.PersistenceEntryManager$EntityManager$1198526138$Proxy$_$$_WeldClientProxy.persist(Unknown Source) ~[jans-orm-core-1.0.22.jar:?]
	at io.jans.as.common.service.common.fido2.RegistrationPersistenceService.save(RegistrationPersistenceService.java:53) ~[jans-auth-common-1.0.22.jar:?]
	at io.jans.fido2.service.persist.RegistrationPersistenceService$Proxy$_$$_WeldClientProxy.save(Unknown Source) ~[classes/:?]
	at io.jans.fido2.service.operation.AttestationService.options(AttestationService.java:208) ~[classes/:?]
	at io.jans.fido2.service.operation.AttestationService$Proxy$_$$_WeldClientProxy.options(Unknown Source) ~[classes/:?]
	at io.jans.fido2.ws.rs.controller.AttestationController.register(AttestationController.java:74) ~[classes/:?]
	at io.jans.fido2.ws.rs.controller.AttestationController$Proxy$_$$_WeldClientProxy.register(Unknown Source) ~[classes/:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:249) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:60) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) ~[resteasy-core-6.0.3.Final.jar:6.0.3.Final]
	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:587) ~[jetty-jakarta-servlet-api-5.0.2.jar:?]
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[jetty-servlet-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) ~[jetty-servlet-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) ~[jetty-servlet-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?]
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[jetty-security-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?]
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) ~[jetty-server-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?]
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1381) ~[jetty-server-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?]
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) ~[jetty-servlet-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) ~[jetty-server-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?]
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1303) ~[jetty-server-11.0.15.jar:11.0.15]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?]
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:149) ~[?:?]
	at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
	at org.eclipse.jetty.server.Server.handle(Server.java:563) ~[?:?]
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?]
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?]
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?]
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?]
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) ~[?:?]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?]
	at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) ~[?:?]
	at java.lang.Thread.run(Thread.java:840) ~[?:?]
Caused by: io.jans.orm.exception.operation.PersistenceException: Failed to add entry
	at io.jans.orm.sql.operation.impl.SqlOperationServiceImpl.addEntryImpl(SqlOperationServiceImpl.java:213) ~[jans-orm-sql-1.0.22.jar:?]
	at io.jans.orm.sql.operation.impl.SqlOperationServiceImpl.addEntry(SqlOperationServiceImpl.java:177) ~[jans-orm-sql-1.0.22.jar:?]
	at io.jans.orm.sql.impl.SqlEntryManager.persist(SqlEntryManager.java:215) ~[jans-orm-sql-1.0.22.jar:?]
	... 69 more
Caused by: com.querydsl.core.QueryException: Caught PSQLException for insert into "public"."jansFido2RegistrationEntry" ("jansCodeChallenge", "jansCodeChallengeHash", "jansCounter", "creationDate", "del", "exp", "jansId", "jansRegistrationData", "jansStatus", "jansApp", "personInum", "objectClass", "dn", "doc_id")
values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
	at com.querydsl.sql.DefaultSQLExceptionTranslator.translate(DefaultSQLExceptionTranslator.java:50) ~[querydsl-sql-4.4.0.jar:?]
	at com.querydsl.sql.Configuration.translate(Configuration.java:508) ~[querydsl-sql-4.4.0.jar:?]
	at com.querydsl.sql.dml.AbstractSQLInsertClause.execute(AbstractSQLInsertClause.java:437) ~[querydsl-sql-4.4.0.jar:?]
	at io.jans.orm.sql.operation.impl.SqlOperationServiceImpl.addEntryImpl(SqlOperationServiceImpl.java:209) ~[jans-orm-sql-1.0.22.jar:?]
	at io.jans.orm.sql.operation.impl.SqlOperationServiceImpl.addEntry(SqlOperationServiceImpl.java:177) ~[jans-orm-sql-1.0.22.jar:?]
	at io.jans.orm.sql.impl.SqlEntryManager.persist(SqlEntryManager.java:215) ~[jans-orm-sql-1.0.22.jar:?]
	... 69 more
Caused by: org.postgresql.util.PSQLException: ERROR: column "jansCodeChallengeHash" is of type integer but expression is of type character varying
  Hint: You will need to rewrite or cast the expression.
  Position: 259
	at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2713) ~[postgresql-42.6.0.jar:42.6.0]
	at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2401) ~[postgresql-42.6.0.jar:42.6.0]
	at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:368) ~[postgresql-42.6.0.jar:42.6.0]
	at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:498) ~[postgresql-42.6.0.jar:42.6.0]
	at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:415) ~[postgresql-42.6.0.jar:42.6.0]
	at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:190) ~[postgresql-42.6.0.jar:42.6.0]
	at org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:152) ~[postgresql-42.6.0.jar:42.6.0]
	at org.apache.commons.dbcp2.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:136) ~[commons-dbcp2-2.9.0.jar:2.9.0]
	at org.apache.commons.dbcp2.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:136) ~[commons-dbcp2-2.9.0.jar:2.9.0]
	at com.querydsl.sql.dml.AbstractSQLInsertClause.execute(AbstractSQLInsertClause.java:415) ~[querydsl-sql-4.4.0.jar:?]
	at io.jans.orm.sql.operation.impl.SqlOperationServiceImpl.addEntryImpl(SqlOperationServiceImpl.java:209) ~[jans-orm-sql-1.0.22.jar:?]
	at io.jans.orm.sql.operation.impl.SqlOperationServiceImpl.addEntry(SqlOperationServiceImpl.java:177) ~[jans-orm-sql-1.0.22.jar:?]
	at io.jans.orm.sql.impl.SqlEntryManager.persist(SqlEntryManager.java:215) ~[jans-orm-sql-1.0.22.jar:?]
	... 69 more
12-02 20:28:55.861 ERROR [qtp1908143486-14] [io.jans.fido2.model.error.ErrorResponseFactory] (ErrorResponseFactory.java:52) - Exception Handle, status: 500 Internal Server Error, body: {
    "error_description": "Unknown or not found error",
    "error": "unknown_error"
}

mo-auto added the kind-bug label Feb 12, 2024

@tetlowgm

I ran into this same bug while working to stand up a lab environment to play around with Jans. I worked around it by altering the schema:

alter table public."jansFido2RegistrationEntry" alter COLUMN "jansCodeChallengeHash" TYPE varchar(256);

Probably the incorrect fix long term, but it got the FIDO2 registration flow working for me.

Weirdly enough, when I dump the table, I'm only seeing integers on the jansCodeChallengeHash column, so not sure why it would error in the first place. Maybe something with how the prepared statement is working?
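
Added example, not part of the comment above or of the Janssen code base: a PostgreSQL session that reproduces the type error from fido2.log on a scratch table and shows why a hand-typed insert behaves differently from a typed prepared-statement parameter. The table demo_fido2_registration and the statement names are constructed, and the varchar binding in step 2 is an assumption about how the value reached the server.

```sql
-- Added illustration; scratch table and statement names are constructed.
-- Only the column from the error is modelled, with the type the error reports.
CREATE TEMP TABLE demo_fido2_registration (
    doc_id                  varchar(64) PRIMARY KEY,
    "jansCodeChallengeHash" integer
);

-- 1. Untyped literal: the quoted value has type "unknown" and is coerced to
--    integer on assignment, so a hand-typed INSERT works.
INSERT INTO demo_fido2_registration VALUES ('literal', '12345');

-- 2. Parameter typed as varchar (assumed here to be how the ORM bound the
--    value). There is no implicit varchar -> integer cast, so PostgreSQL
--    rejects this statement with the type error recorded in fido2.log.
--    The failure is deliberate; psql continues with the next statement.
PREPARE ins_varchar(varchar, varchar) AS
    INSERT INTO demo_fido2_registration VALUES ($1, $2);

-- 3. Same value bound as an integer: accepted, column type unchanged.
PREPARE ins_integer(varchar, integer) AS
    INSERT INTO demo_fido2_registration VALUES ($1, $2);
EXECUTE ins_integer('typed', 12345);

-- 4. What the server hint means: keep the varchar parameter, cast explicitly.
PREPARE ins_cast(varchar, varchar) AS
    INSERT INTO demo_fido2_registration VALUES ($1, CAST($2 AS integer));
EXECUTE ins_cast('cast', '12345');

-- 5. Inspect the declared type on the real table before and after any change.
SELECT column_name, data_type, character_maximum_length
FROM information_schema.columns
WHERE table_schema = 'public'
  AND table_name   = 'jansFido2RegistrationEntry'
  AND column_name  = 'jansCodeChallengeHash';
```

Widening the column to varchar makes step 2 succeed without touching the application, while steps 3 and 4 keep the integer column and change how the value is bound or cast.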

@Milton-Ch
Contributor

@yurem

Today I started to review this issue and I found the problem you found, but the solution I was going to do was to change the data type from integer to string, but your solution is better, since the hash is always generated as an integer.

On the other hand, I have validated your PR and can attest that it is already working with postgresql.

@Milton-Ch
Contributor

Done
