FIDO registration with an android device fails

[mefarazath]

Describe the Issue:
When trying to register an android phone as a security device the registration initially fails with below error message

This is due to the fact that the phone does not support usernameless flavour of FIDO, therefore tried clicking on "Try with an older device" to register the device as a passwordless option for 2FA.

Connected the phone for remote debugging and was able to see that the start registration API call to webauthn endpoint is done successfully and the device generates a public key and portal calls the finish registration API of the webauthn endpoint.

It fails with an error message as below.

Seems like there is a backend error with the stack trace.

Caused by: java.lang.NoClassDefFoundError: Could not initialize class com.yubico.webauthn.AndroidSafetynetAttestationStatementVerifier
	at com.yubico.webauthn.FinishRegistrationSteps$Step13.attestationStatementVerifier(FinishRegistrationSteps.java:395)
	at com.yubico.webauthn.FinishRegistrationSteps$Step13.nextStep(FinishRegistrationSteps.java:379)
	at com.yubico.webauthn.FinishRegistrationSteps$Step13.nextStep(FinishRegistrationSteps.java:368)
	at com.yubico.webauthn.FinishRegistrationSteps$Step.next(FinishRegistrationSteps.java:110)

full stack trace: https://gist.github.com/mefarazath/acc24fcc00bc1f6b780c5e959050e006

How To Reproduce:
Try to register an Android phone as a security device via portal

Expected behavior:
Should be able to register the device as a security device successfully and use as second factor.

Device Information (Please complete the following information) :

• Device: Samsung S10+ (SM-G975F)
• OS: Android 10
• Browser + Version Chrome (81.0.4044.111)

---

[emswbandara]

Re-opened to capture public fix.