I have upgraded to Keycloak 24.0.5, and it kinda broke Webauthn for me. I registered a new passkey (passwordless), and I had to disable User verification, otherwise it would fail like this:
com.webauthn4j.validator.exception.UserNotVerifiedException: Validator is configured to check user verified, but UV flag in authenticatorData is not set.
at com.webauthn4j.validator.AuthenticationDataValidator.validate(AuthenticationDataValidator.java:177)
at com.webauthn4j.WebAuthnAuthenticationManager.validate(WebAuthnAuthenticationManager.java:122)
at org.keycloak.credential.WebAuthnCredentialProvider.isValid(WebAuthnCredentialProvider.java:212)
at org.keycloak.credential.UserCredentialManager.lambda$validate$11(UserCredentialManager.java:255)
at java.base/java.util.Collection.removeIf(Collection.java:576)
at org.keycloak.credential.UserCredentialManager.validate(UserCredentialManager.java:255)
at org.keycloak.credential.UserCredentialManager.lambda$isValid$0(UserCredentialManager.java:76)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
at java.base/java.util.HashMap$ValueSpliterator.forEachRemaining(HashMap.java:1779)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
at org.keycloak.credential.UserCredentialManager.isValid(UserCredentialManager.java:76)
at org.keycloak.models.SubjectCredentialManager.isValid(SubjectCredentialManager.java:45)
at org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticator.action(WebAuthnAuthenticator.java:217)
at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:151)
at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:1011)
at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:365)
at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:336)
at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:328)
at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:393)
at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_32b8e198ac3110abd1d5774e83a4cf87858129f4.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
2024-06-07 14:21:15,847 WARN [org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticator] (executor-thread-21) WebAuthn API .get() response validation failure. Validator is configured to check user verified, but UV flag in authenticatorData is not set.
Note that I was using the same passkey store (Apple/macOS) as before.
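The validation failure in the post above comes down to one bit in the assertion's authenticatorData. As an added example (not part of the original post, and not Keycloak's or webauthn4j's code), the following decodes the flags byte of a captured authenticatorData and applies a simplified user-verification policy, which helps confirm whether the authenticator really returned an assertion without UV. The function names, the constructed sample bytes and the policy model are assumptions for illustration.

```javascript
// Added example. authenticatorData layout per the WebAuthn specification:
//   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | optional data
const FLAG_UP = 0x01; // bit 0: user present
const FLAG_UV = 0x04; // bit 2: user verified (PIN, biometric, ...)
const FLAG_AT = 0x40; // bit 6: attested credential data included
const FLAG_ED = 0x80; // bit 7: extension data included

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new RangeError('authenticatorData must be a Uint8Array of at least 37 bytes');
  }
  const flags = bytes[32];
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return {
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    hasAttestedCredentialData: (flags & FLAG_AT) !== 0,
    hasExtensions: (flags & FLAG_ED) !== 0,
    signCount: view.getUint32(33), // DataView reads big-endian by default
  };
}

// Simplified model of the relying-party check (an assumption, not webauthn4j's logic):
// only the "required" setting turns a missing UV flag into a rejection.
function checkUserVerification(authData, requirement) {
  if (!authData.userPresent) {
    return { ok: false, reason: 'UP flag is not set' };
  }
  if (requirement === 'required' && !authData.userVerified) {
    return { ok: false, reason: 'UV flag is not set but user verification is required' };
  }
  return { ok: true, reason: null };
}

// Constructed sample input: placeholder rpIdHash (0xab repeated), chosen flags and counter.
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37).fill(0xab, 0, 32);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount);
  return bytes;
}

const presentOnly = parseAuthenticatorData(sampleAuthData(FLAG_UP, 7));
const verified = parseAuthenticatorData(sampleAuthData(FLAG_UP | FLAG_UV, 8));
console.log('UP only, required :', checkUserVerification(presentOnly, 'required'));
console.log('UP only, preferred:', checkUserVerification(presentOnly, 'preferred'));
console.log('UP+UV,   required :', checkUserVerification(verified, 'required'));
```

To inspect a real assertion, base64url-decode `response.authenticatorData` from the browser's `navigator.credentials.get()` result and pass the bytes to `parseAuthenticatorData`.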