webauthn error with Goldengate security Key G310

[gpgmailencrypt]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Steps to reproduce

1. Setting a eWBM Goldengate Security Key G 310 as Webauthn device
2. Trying to login

Expected behaviour

Login with Webauthn works

Actual behaviour

No login possible

Server configuration

Operating system:

Ubuntu 18.04.5 LTS
Web server:
Apache/2.4.29
Database:
10.1.44-MariaDB
PHP version:
PHP 7.2.24-0ubuntu0.18.04.6
Nextcloud version: (see Nextcloud admin page)
19.0.2

Updated from an older Nextcloud/subdir or fresh install:
Updated from Nextcloud 18
Where did you install Nextcloud from:
Download from Nextcloud
Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

• activity: 2.12.0
• admin_audit: 1.9.0
• announcementcenter: 3.8.1
• apporder: 0.10.0
• bookmarks: 3.3.4
• bruteforcesettings: 2.0.0
• calendar: 2.0.4
• circles: 0.19.5
• cloud_federation_api: 1.2.0
• comments: 1.9.0
• contacts: 3.3.0
• contactsinteraction: 1.0.0
• dav: 1.15.0
• dicomviewer: 1.2.2
• duplicatefinder: 0.0.2
• federatedfilesharing: 1.9.0
• federation: 1.9.0
• files: 1.14.0
• files_accesscontrol: 1.9.0
• files_antivirus: 2.4.1
• files_automatedtagging: 1.9.0
• files_external: 1.10.0
• files_linkeditor: 1.1.1
• files_pdfviewer: 1.8.0
• files_retention: 1.8.2
• files_sharing: 1.11.0
• files_trashbin: 1.9.0
• files_versions: 1.12.0
• forms: 2.0.3
• gpxedit: 0.0.13
• gpxpod: 4.2.2
• guests: 1.4.6
• logreader: 2.4.0
• lookup_server_connector: 1.7.0
• mail: 1.4.1
• maps: 0.1.6
• metadata: 0.12.0
• music: 0.16.0
• news: 14.1.11
• nextcloud_announcements: 1.8.0
• notes: 3.6.4
• notifications: 2.7.0
• oauth2: 1.7.0
• ocr: 6.0.55
• ocsms: 2.1.8
• password_policy: 1.9.1
• phonetrack: 0.6.4
• photos: 1.1.0
• polls: 1.4.3
• previewgenerator: 2.3.0
• privacy: 1.3.0
• provisioning_api: 1.9.0
• quota_warning: 1.8.0
• richdocuments: 3.7.3
• serverinfo: 1.9.0
• settings: 1.1.0
• sharebymail: 1.9.0
• spreed: 9.0.3
• support: 1.2.1
• systemtags: 1.9.0
• tasks: 0.13.3
• text: 3.0.1
• theming: 1.10.0
• twofactor_backupcodes: 1.8.0
• twofactor_totp: 5.0.0
• twofactor_u2f: 6.0.0
• updatenotification: 1.9.0
• user_sql: 4.5.0
• viewer: 1.3.0
• workflowengine: 2.1.0
  Disabled:
• accessibility
• audioplayer
• audioplayer_editor
• dropit
• encryption
• files_rightclick
• files_videoplayer
• firstrunwizard
• keeweb
• ojsxc
• radio
• ransomware_protection
• recommendations
• socialsharing_diaspora
• socialsharing_email
• socialsharing_facebook
• socialsharing_twitter
• survey_client
• suspicious_login
• twofactor_gateway
• user_ldap

Nextcloud configuration:

Config report

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or 

Insert your config.php content here. 
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: user_sql

Client configuration

Browser:
firefox 80.0
chromium 84.0.4147.135
Operating system:
Linux Mint 20

Logs

Web server error log

Web server error log

Insert your webserver log here

Nextcloud log (data/nextcloud.log)

Nextcloud log

{"reqId":"X0oYNWdDNwC1OvBEBD2NwAAAAAY","level":3,"time":"2020-08-29T08:56:21+00:00","remoteAddr":"62.216.202.223","user":"--","app":"index","method":"POST","url":"/subdir/index.php/login/webauthn/finish","message":{"Exception":"Assert\InvalidArgumentException","Message":"The credential ID is invalid.","Code":15,"Trace":[{"file":"/var/nextcloud/3rdparty/beberlei/assert/lib/Assert/Assertion.php","line":708,"function":"createException","class":"Assert\Assertion","type":"::","args":[null,"The credential ID is invalid.",15,null]},{"file":"/var/nextcloud/3rdparty/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php","line":101,"function":"notNull","class":"Assert\Assertion","type":"::","args":[null,"The credential ID is invalid."]},{"file":"/var/nextcloud/lib/private/Authentication/WebAuthn/Manager.php","line":238,"function":"check","class":"Webauthn\AuthenticatorAssertionResponseValidator","type":"->","args":[null,{"class":"Webauthn\AuthenticatorAssertionResponse"},{"class":"Webauthn\PublicKeyCredentialRequestOptions"},{"class":"GuzzleHttp\Psr7\ServerRequest"},"user@mydom.ain"]},{"file":"/var/nextcloud/core/Controller/WebAuthnController.php","line":107,"function":"finishAuthentication","class":"OC\Authentication\WebAuthn\Manager","type":"->","args":[{"class":"Webauthn\PublicKeyCredentialRequestOptions"},"{"id":"PRn8lGSf9lpJKrri9sqS7AIDpQQstgUie7xq15B9rHo_nFMiDdmUJwxYCfdmqtYyn6Tep622MVm2aeBQJ5MQEEemn-yCq8Oqx0bcJp9nHN1RczHYWOk7tfZV-YG3Wot--2WFmcVpsSwHyizK9eiVqnfVXYq22kIYOvJYcN-bo9D8_5BiG41Vi6BtbVeOkw5uIMvo2HQs9OSKnumZ2glQ8I9ncPeDtEHfSBQAoLs_gY8D-ErIansmVztBF4hpug-","type":"public-key","rawId":"PRn8lGSf9lpJKrri9sqS7AIDpQQstgUie7xq15B9rHo/nFMiDdmUJwxYCfdmqtYyn6Tep622MVm2aeBQJ5MQEEemn+yCq8Oqx0bcJp9nHN1RczHYWOk7tfZV+YG3Wot++2WFmcVpsSwHyizK9eiVqnfVXYq22kIYOvJYcN+bo9D8/5BiG41Vi6BtbVeOkw5uIMvo2HQs9OSKnumZ2glQ8I9ncPeDtEHfSBQAoLs/gY8D+ErIansmVztBF4hpug+/","response":{"authenticatorData":"5WWj14tg7KrNEb6zdWqng/bDejSw0nwpZDEV7OV52RYBAAAAIA==","clientDataJSON":"eyJjaGFsbGVuZ2UiOiJWWWVQUXFlTTRxVU03eWZ1cEFTTC0yZzVJcUx3QUV4Z1o2eG9vbXVmdVc4IiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoiaHR0cHM6Ly9rbm9ycm5ldC5kZSIsInR5cGUiOiJ3ZWJhdXRobi5nZXQifQ==","signature":"MEYCIQCgLgSNy5HCvvYsA6RmFKSTlf5uC9b/Ou+2fPkD2uI9agIhAMM7Oy5o5Ghvegx6cdQg1ip6fM0ACx+xnQc21Z27tOsM","userHandle":null}}","user@mydom.ain"]},{"file":"/var/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":170,"function":"finishAuthentication","class":"OC\Core\Controller\WebAuthnController","type":"->","args":["{"id":"PRn8lGSf9lpJKrri9sqS7AIDpQQstgUie7xq15B9rHo_nFMiDdmUJwxYCfdmqtYyn6Tep622MVm2aeBQJ5MQEEemn-yCq8Oqx0bcJp9nHN1RczHYWOk7tfZV-YG3Wot--2WFmcVpsSwHyizK9eiVqnfVXYq22kIYOvJYcN-bo9D8_5BiG41Vi6BtbVeOkw5uIMvo2HQs9OSKnumZ2glQ8I9ncPeDtEHfSBQAoLs_gY8D-ErIansmVztBF4hpug-","type":"public-key","rawId":"PRn8lGSf9lpJKrri9sqS7AIDpQQstgUie7xq15B9rHo/nFMiDdmUJwxYCfdmqtYyn6Tep622MVm2aeBQJ5MQEEemn+yCq8Oqx0bcJp9nHN1RczHYWOk7tfZV+YG3Wot++2WFmcVpsSwHyizK9eiVqnfVXYq22kIYOvJYcN+bo9D8/5BiG41Vi6BtbVeOkw5uIMvo2HQs9OSKnumZ2glQ8I9ncPeDtEHfSBQAoLs/gY8D+ErIansmVztBF4hpug+/","response":{"authenticatorData":"5WWj14tg7KrNEb6zdWqng/bDejSw0nwpZDEV7OV52RYBAAAAIA==","clientDataJSON":"eyJjaGFsbGVuZ2UiOiJWWWVQUXFlTTRxVU03eWZ1cEFTTC0yZzVJcUx3QUV4Z1o2eG9vbXVmdVc4IiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoiaHR0cHM6Ly9rbm9ycm5ldC5kZSIsInR5cGUiOiJ3ZWJhdXRobi5nZXQifQ==","signature":"MEYCIQCgLgSNy5HCvvYsA6RmFKSTlf5uC9b/Ou+2fPkD2uI9agIhAMM7Oy5o5Ghvegx6cdQg1ip6fM0ACx+xnQc21Z27tOsM","userHandle":null}}"]},{"file":"/var/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\AppFramework\Http\Dispatcher","type":"->","args":[{"class":"OC\Core\Controller\WebAuthnController"},"finishAuthentication"]},{"file":"/var/nextcloud/lib/private/AppFramework/App.php","line":137,"function":"dispatch","class":"OC\AppFramework\Http\Dispatcher","type":"->","args":[{"class":"OC\Core\Controller\WebAuthnController"},"finishAuthentication"]},{"file":"/var/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\AppFramework\App","type":"::","args":["OC\Core\Controller\WebAuthnController","finishAuthentication",{"class":"OC\AppFramework\DependencyInjection\DIContainer"},{"_route":"core.WebAuthn.finishAuthentication"}]},{"function":"__invoke","class":"OC\AppFramework\Routing\RouteActionHandler","type":"->","args":[{"_route":"core.WebAuthn.finishAuthentication"}]},{"file":"/var/nextcloud/lib/private/Route/Router.php","line":297,"function":"call_user_func","args":[{"class":"OC\AppFramework\Routing\RouteActionHandler"},{"_route":"core.WebAuthn.finishAuthentication"}]},{"file":"/var/nextcloud/lib/base.php","line":1012,"function":"match","class":"OC\Route\Router","type":"->","args":["/login/webauthn/finish"]},{"file":"/var/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/nextcloud/3rdparty/beberlei/assert/lib/Assert/Assertion.php","Line":2752,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0","version":"19.0.2.2","id":"5f4a1835ad2bc"}

Browser log

Browser log

passwordless login initiated PasswordLessLoginForm.vue:90 Obtained PublicKeyCredentialRequestOptions PasswordLessLoginForm.vue:128 Object { challenge: "MlRWqUyhbDdLuZBOe1fU_ruQEVNsYd5WaymW30oy6HY", rpId: "mydom.ain", userVerification: "discouraged", allowCredentials: (1) […], timeout: 60000 } PasswordLessLoginForm.vue:129 Converted PublicKeyCredentialRequestOptions PasswordLessLoginForm.vue:144 Object { challenge: Uint8Array(32), rpId: "mydom.ain", userVerification: "discouraged", allowCredentials: (1) […], timeout: 60000 } PasswordLessLoginForm.vue:145 Object { challenge: Uint8Array(32), rpId: "mydom.ain", userVerification: "discouraged", allowCredentials: (1) […], timeout: 60000 } PasswordLessLoginForm.vue:94 PublicKeyCredential { rawId: ArrayBuffer, response: AuthenticatorAssertionResponse, id: "PRn8lGSf9lpJKrri9sqS7AIDpQQstgUie7xq15B9rHo_nFMiDdmUJwxYCfdmqtYyn6Tep622MVm2aeBQJ5MQEEemn-yCq8Oqx0bcJp9nHN1RczHYWOk7tfZV-YG3Wot--2WFmcVpsSwHyizK9eiVqnfVXYq22kIYOvJYcN-bo9D8_5BiG41Vi6BtbVeOkw5uIMvo2HQs9OSKnumZ2glQ8I9ncPeDtEHfSBQAoLs_gY8D-ErIansmVztBF4hpug-_", type: "public-key" } PasswordLessLoginForm.vue:164 Uint8Array(192) [ 61, 25, 252, 148, 100, 159, 246, 90, 73, 42, … ] PasswordLessLoginForm.vue:165 PRn8lGSf9lpJKrri9sqS7AIDpQQstgUie7xq15B9rHo/nFMiDdmUJwxYCfdmqtYyn6Tep622MVm2aeBQJ5MQEEemn+yCq8Oqx0bcJp9nHN1RczHYWOk7tfZV+YG3Wot++2WFmcVpsSwHyizK9eiVqnfVXYq22kIYOvJYcN+bo9D8/5BiG41Vi6BtbVeOkw5uIMvo2HQs9OSKnumZ2glQ8I9ncPeDtEHfSBQAoLs/gY8D+ErIansmVztBF4hpug+/ PasswordLessLoginForm.vue:166 Object { id: "PRn8lGSf9lpJKrri9sqS7AIDpQQstgUie7xq15B9rHo_nFMiDdmUJwxYCfdmqtYyn6Tep622MVm2aeBQJ5MQEEemn-yCq8Oqx0bcJp9nHN1RczHYWOk7tfZV-YG3Wot--2WFmcVpsSwHyizK9eiVqnfVXYq22kIYOvJYcN-bo9D8_5BiG41Vi6BtbVeOkw5uIMvo2HQs9OSKnumZ2glQ8I9ncPeDtEHfSBQAoLs_gY8D-ErIansmVztBF4hpug-_", type: "public-key", rawId: "PRn8lGSf9lpJKrri9sqS7AIDpQQstgUie7xq15B9rHo/nFMiDdmUJwxYCfdmqtYyn6Tep622MVm2aeBQJ5MQEEemn+yCq8Oqx0bcJp9nHN1RczHYWOk7tfZV+YG3Wot++2WFmcVpsSwHyizK9eiVqnfVXYq22kIYOvJYcN+bo9D8/5BiG41Vi6BtbVeOkw5uIMvo2HQs9OSKnumZ2glQ8I9ncPeDtEHfSBQAoLs/gY8D+ErIansmVztBF4hpug+/", response: {…} } PasswordLessLoginForm.vue:180 TIME TO COMPLETE PasswordLessLoginForm.vue:189 XHRPOSThttps://mydom.ain/subdir/index.php/login/webauthn/finish [HTTP/1.1 500 Internal Server Error 166ms]

GOT AN ERROR WHILE SUBMITTING CHALLENGE! PasswordLessLoginForm.vue:199
Error: Request failed with status code 500
exports createError.js:16
exports settle.js:17
onreadystatechange xhr.js:61
exports xhr.js:36
exports xhr.js:12
exports dispatchRequest.js:52
promise callbacku.prototype.request Axios.js:61
e Axios.js:86
exports bind.js:9
completeAuthentication WebAuthnAuthenticationService.js:35
promise callbackauthenticate PasswordLessLoginForm.vue:98
VueJS 4
click LoginButton.vue:1
VueJS 33
PasswordLessLoginForm.vue:200

​

[szaimen]

Is this Issue still valid in NC21.0.2? If not, please close this issue. Thanks! :)

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.