Failed to enroll U2F token on latest Chrome #1636

Closed
quynh-axiadids opened this issue May 20, 2019 · 3 comments

@quynh-axiadids
Contributor

commented May 20, 2019

What did you try to do?

Enroll U2F token on Chrome

What outcome did you expect?

Being able to enroll U2F token on Chrome

What outcome did you experience?

Failed to enroll U2F token on Chrome

Configuration

  • privacyIDEA Version: 2.23.5

  • Installation method: from source

more details:

  • OS: Amazon Linux

  • Webserver: nginx

  • Tokendatabase: postgresql

Log file

U2F recently fails to enroll with error pop up: "Bad U2F Request / challenge must be base64url encoded"

My Chrome version is Version 74.0.3729.157 (Official Build) (64-bit)

I think this may be related to this change in Chrome Crypto:
chromium/chromium@ceb9297#diff-bbd4efb6053a9f322d1ba351e036bd71

I am using PrivacyIDEA 2.23.5. Just want to make sure this is already fixed in 3.0?

Thank you and best regards,

Quynh Nguyen

@cornelinux

Member

commented May 21, 2019

@Mipronimo Isn't this something you talked about lately?

@Mipronimo

Member

commented May 22, 2019

There is a problem with Google Chrome 72+ and u2f.
The login process works fine with Google Chrome. Only the enrollment fails.

To enroll the token, please use Firefox, but you'll need privacyIDEA 3.0 to do so.

@cornelinux cornelinux added known issue and removed possible bug labels May 23, 2019

@tony11375


commented Jun 7, 2019

Hi,

Since today, we have the same issue

PrivacyIdea Version : 2.23.2
Chrome Version : 74.0.3729.157 and 75.0.3770.80

By running Chrome with --disable-features=WebAuthenticationProxyCryptotoken it's working again, but that's not really a fix.

@Mipronimo Mipronimo self-assigned this Jun 7, 2019

Mipronimo added a commit that referenced this issue Jun 7, 2019

Fix U2F enrollment for Chrome 72+
In Chrome 72, the base64url decoding behaviour changed.
This could be fixed, if we use the base64_encode function for u2f
registration and not only for signing.

I did not test it in a good way yet. But I noticed that this works in my
scenario with both, Google Chrome and Mozilla Firefox.

resolves #1636

cornelinux added a commit that referenced this issue Jun 13, 2019

Fix U2F enrollment for Chrome 72+ (#1669)
* Fix U2F enrollment for Chrome 72+

In Chrome 72, the base64url decoding behaviour changed.
This could be fixed, if we use the base64_encode function for u2f
registration and not only for signing.

I did not test it in a good way yet. But I noticed that this works in my
scenario with both, Google Chrome and Mozilla Firefox.

resolves #1636
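
The encoding difference behind the "challenge must be base64url encoded" error quoted in this issue, as an added example (not privacyIDEA's or Chrome's code): it encodes one challenge with the standard and the URL-safe alphabet and runs both through a strict check. The function names, the `check_challenge` logic and the sample challenge are assumptions constructed for illustration.

```python
import base64
import re

# Constructed 32-byte challenge (not from the issue); chosen so that the
# standard alphabet produces '+', '/' and '=' in the output.
SAMPLE_CHALLENGE = b"\xfb\xff\xbf" * 10 + b"\x00\x01"

# Unpadded base64url alphabet only (RFC 4648 section 5, without '=').
_B64URL = re.compile(r"[A-Za-z0-9_-]+")


def std_b64_encode(raw: bytes) -> str:
    """Standard base64 (RFC 4648 section 4): '+', '/' and '=' padding."""
    return base64.b64encode(raw).decode("ascii")


def b64url_encode(raw: bytes) -> str:
    """URL-safe base64 (RFC 4648 section 5) with the padding stripped."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def check_challenge(text: str) -> bytes:
    """Hypothetical strict check: reject anything outside unpadded base64url."""
    # A length of 4n+1 can never be produced by a base64 encoder.
    if not _B64URL.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("challenge must be base64url encoded")
    # Re-add the padding the Python decoder expects, then decode.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def accepted(text: str) -> bool:
    """True if the strict check accepts the encoded challenge."""
    try:
        check_challenge(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for label, enc in (("standard", std_b64_encode), ("base64url", b64url_encode)):
        value = enc(SAMPLE_CHALLENGE)
        print(f"{label:9} {value} accepted={accepted(value)}")
```

A lenient decoder accepts both forms, which is why an encoding mismatch on the server side can go unnoticed until a client starts validating strictly.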