Unable to register yubi keys #31

Open
ChrisPrior86 opened this issue Mar 18, 2022 · 9 comments

@ChrisPrior86

I have ensured gmp and mbstring are enabled on my WordPress hosting site but cannot register yubi keys (including yubi 4).
Is there a restriction on which version of key can be used? The general information suggests that WebAuthn should work with any of the U2F keys.
The only config item with mbstring that may be an issue that I can see is that HTTP input encoding translation is Disabled.
Does that need to be changed?
Client is Gentoo Linux, browser Google Chrome 99.0 4844.51

Thanks
Chris

@yrccondor
Owner

There is a logging option in the plug-in's settings page. Could you please provide logs for the failed registration?

@ChrisPrior86
Author

Here is the log entry

[2022-03-18 11:56:49][cc880a] PHP Version => 7.4.28, WordPress Version => 5.9.2, WP-WebAuthn Version => 1.2.6
[2022-03-18 11:56:49][cc880a] Current config: first_choice => "true", website_name => "All Saints\' Church Breadsall", website_domain => "www.breadsallchurch.org.uk", remember_me => "false", user_verification => "false", allow_authenticator_type => "none", usernameless_login => "false"
[2022-03-18 11:56:49][cc880a] Logger initialized
[2022-03-18 11:56:49][cc880a] website_name: "All Saints\' Church Breadsall"->"All Saints\\\' Church Breadsall"
[2022-03-18 11:56:49][cc880a] user_verification: "false"->"true"
[2022-03-18 11:57:16][051801] ajax_create: Start
[2022-03-18 11:57:16][051801] ajax_create: name => "yubi 1", type => "none", usernameless => "false"
[2022-03-18 11:57:16][051801] ajax_create: user => "chris"
[2022-03-18 11:57:16][051801] ajax_create: excludeCredentials => []
[2022-03-18 11:57:16][051801] ajax_create: user_verification => "true"
[2022-03-18 11:57:16][051801] ajax_create: Challenge sent
[2022-03-18 11:57:57][24e14e] ajax_create: Start
[2022-03-18 11:57:57][24e14e] ajax_create: name => "yubi 4", type => "none", usernameless => "false"
[2022-03-18 11:57:57][24e14e] ajax_create: user => "chris"
[2022-03-18 11:57:57][24e14e] ajax_create: excludeCredentials => []
[2022-03-18 11:57:57][24e14e] ajax_create: user_verification => "true"
[2022-03-18 11:57:57][24e14e] ajax_create: Challenge sent
[2022-03-18 12:24:43][c27585] ajax_auth: Start
[2022-03-18 12:24:43][c27585] ajax_auth: type => "auth", user => "chris1"
[2022-03-18 12:24:43][c27585] ajax_auth: User not initialized, initialize
[2022-03-18 12:24:43][c27585] ajax_auth: allowedCredentials => []
[2022-03-18 12:24:43][c27585] ajax_auth: user_verification => "true"
[2022-03-18 12:24:43][c27585] ajax_auth: Challenge sent
[2022-03-18 13:03:48][00be7f] website_name: "All Saints\\\' Church Breadsall"->"All Saints Church Breadsall"
[2022-03-18 13:03:48][00be7f] website_domain: "www.breadsallchurch.org.uk"->"breadsallchurch.org.uk"
[2022-03-18 13:04:11][4ae878] ajax_create: Start
[2022-03-18 13:04:11][4ae878] ajax_create: name => "yubi 1", type => "none", usernameless => "false"
[2022-03-18 13:04:11][4ae878] ajax_create: user => "chris"
[2022-03-18 13:04:11][4ae878] ajax_create: excludeCredentials => []
[2022-03-18 13:04:11][4ae878] ajax_create: user_verification => "true"
[2022-03-18 13:04:11][4ae878] ajax_create: Challenge sent

@ChrisPrior86
Author

The browser provides a message that I may require a newer or different type of key.
I have tried several different FIDO U2F keys from 4 different manufacturers.

@yrccondor
Owner

Seems like you have user verification enabled. U2F doesn't support user verification, however, and the procedure failed on the browser side.

@ChrisPrior86
Author

Changing that makes no difference. Seems that sodium is required. Never heard of that.

[2022-03-18 19:36:53][423770] ajax_create: Start
[2022-03-18 19:36:53][423770] ajax_create: name => "Yubi", type => "none", usernameless => "false"
[2022-03-18 19:36:53][423770] ajax_create: user => "chris"
[2022-03-18 19:36:53][423770] ajax_create: excludeCredentials => []
[2022-03-18 19:36:53][423770] ajax_create: user_verification => "true"
[2022-03-18 19:36:53][423770] ajax_create: Challenge sent
[2022-03-18 19:37:54][1c27e4] ajax_create: Start
[2022-03-18 19:37:54][1c27e4] ajax_create: name => "Yubi", type => "none", usernameless => "false"
[2022-03-18 19:37:54][1c27e4] ajax_create: user => "chris"
[2022-03-18 19:37:54][1c27e4] ajax_create: excludeCredentials => []
[2022-03-18 19:37:54][1c27e4] ajax_create: user_verification => "true"
[2022-03-18 19:37:54][1c27e4] ajax_create: Challenge sent
[2022-03-18 22:05:27][0d6e07] user_verification: "true"->"false"
[2022-03-18 22:05:53][e99606] ajax_create: Start
[2022-03-18 22:05:53][e99606] ajax_create: name => "yubi", type => "none", usernameless => "false"
[2022-03-18 22:05:53][e99606] ajax_create: user => "chris"
[2022-03-18 22:05:53][e99606] ajax_create: excludeCredentials => []
[2022-03-18 22:05:53][e99606] ajax_create: user_verification => "false"
[2022-03-18 22:05:53][e99606] ajax_create: Challenge sent
[2022-03-18 22:05:58][46269d] ajax_create_response: Client response received
[2022-03-18 22:05:58][46269d] ajax_create_response: name => "yubi", type => "none", usernameless => "false"
[2022-03-18 22:05:58][46269d] ajax_create_response: data => {"id":"5PFlQoJAQkpt9tBtoSH3jcWu4b2F7tfvLSIsirqp12rN0dcGD5LGiAcTEQpa9leOnMYTFioxBoqPlNwc0hFwYQ","type":"public-key","rawId":"5PFlQoJAQkpt9tBtoSH3jcWu4b2F7tfvLSIsirqp12rN0dcGD5LGiAcTEQpa9leOnMYTFioxBoqPlNwc0hFwYQ==","response":{"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiNTlQV1FTUjhkN1FOZlNxSFV5TWZ4clB2emw0RFZQc3lSX3F5WjR6S2xmayIsIm9yaWdpbiI6Imh0dHBzOi8vd3d3LmJyZWFkc2FsbGNodXJjaC5vcmcudWsiLCJjcm9zc09yaWdpbiI6ZmFsc2V9","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEIzhm+TPpHQCUHMFs7oxwe2j7cKCrJscX4VHFQY+R0BZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOTxZUKCQEJKbfbQbaEh943FruG9he7X7y0iLIq6qddqzdHXBg+SxogHExEKWvZXjpzGExYqMQaKj5TcHNIRcGGlAQIDJiABIVggAAuoRwb5bhhxLpKN0IgIoAfkwbOZeGS6ZLuj0zDOXCsiWCCUOHwUOEgfVtRRQINB7mNFc6qJJSgZfCTH7C8CltsuqQ=="}}
[2022-03-18 22:05:58][46269d] ajax_create_response: Credential ID unique check passed
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)The extension "sodium" is not available. Please install it to use this method
[2022-03-18 22:05:58][46269d] Traceback:
1) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-admin/admin-ajax.php(187): do_action('wp_ajax_wwa_cre...')
2) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/plugin.php(474): WP_Hook->do_action(Array)
3) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array)
4) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/class-wp-hook.php(307): wwa_ajax_create_response('')
5) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/wwa-ajax.php(476): Webauthn\Server->loadAndCheckAttestationResponse('{"id":"5PFlQoJA...', Object(Webauthn\PublicKeyCredentialCreationOptions), Object(Nyholm\Psr7\ServerRequest))
6) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/Server.php(250): Webauthn\Server->getAttestationStatementSupportManager()
7) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/Server.php(336): Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport->__construct()
8) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/AttestationStatement/AndroidSafetyNetAttestationStatementSupport.php(97): Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport->initJwsVerifier()
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)Challenge not verified, exit

@yrccondor
Owner

yrccondor commented Mar 18, 2022

sodium is a built-in PHP extension for encryption since PHP 7.2. Please check your php.ini (extension=sodium) or contact your server manager.

We'll add a warning on the settings page if sodium is not installed, starting with the next version.
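
The two failure modes diagnosed so far in this thread (no browser response while user verification was requested, and a server-side error once a response did arrive) can be told apart mechanically from the plug-in log. The following is an added example, not part of the thread or of WP-WebAuthn; the sample log is constructed from the line format posted above, and `triage` and its outcome names are hypothetical.

```python
import re

# Constructed sample, in the line format of the logs posted in this thread.
SAMPLE_LOG = """\
[2022-03-18 19:36:53][423770] ajax_create: Start
[2022-03-18 19:36:53][423770] ajax_create: user_verification => "true"
[2022-03-18 19:36:53][423770] ajax_create: Challenge sent
[2022-03-18 22:05:53][e99606] ajax_create: Start
[2022-03-18 22:05:53][e99606] ajax_create: user_verification => "false"
[2022-03-18 22:05:53][e99606] ajax_create: Challenge sent
[2022-03-18 22:05:58][46269d] ajax_create_response: Client response received
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)The extension "sodium" is not available. Please install it to use this method
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)Challenge not verified, exit
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\]\[[0-9a-f]+\] (?P<fn>\w+): (?P<msg>.*)$')
UV = re.compile(r'^user_verification => "(true|false)"$')

def triage(log_text):
    """Return one dict per registration attempt, recording how far it got."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # traceback frames, version banner, etc.
        ts, fn, msg = m.group("ts", "fn", "msg")
        if fn == "ajax_create" and msg == "Start":
            attempts.append({"started": ts, "uv": None,
                             "outcome": "no_challenge", "errors": []})
        elif not attempts:
            continue  # response lines with no preceding attempt in this log
        elif fn == "ajax_create":
            uv = UV.match(msg)
            if uv:
                attempts[-1]["uv"] = uv.group(1) == "true"
            elif msg == "Challenge sent":
                # Stays at this outcome if the browser never posts a response.
                attempts[-1]["outcome"] = "no_client_response"
        elif fn == "ajax_create_response":
            # The response arrives under a new request id, so it is matched
            # to the latest attempt (assumes one user registering at a time).
            if msg == "Client response received":
                attempts[-1]["outcome"] = "response_received"
            elif msg.startswith("(ERROR)"):
                attempts[-1]["outcome"] = "server_error"
                attempts[-1]["errors"].append(msg[len("(ERROR)"):])
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["started"], "uv=%s" % a["uv"], a["outcome"], a["errors"][:1])
```

An attempt left at `no_client_response` with `uv` set to `True` points at the browser or authenticator side; `server_error` carries the first logged error, which is the one to act on.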

@Trapulo

Trapulo commented Mar 23, 2022

I have the same problem. PHP 8.0, Yubikey

What is sodium? :) This one? https://www.php.net/manual/en/sodium.installation.php that seems embedded in PHP?

[2022-03-23 18:02:44][3375b5] ajax_create_response: Credential ID unique check passed
[2022-03-23 18:02:44][3375b5] ajax_create_response: (ERROR)Out of range. Expected: 45963, read: 126.

@yrccondor
Owner

> What is sodium?

It's a built-in PHP extension but not enabled by default on some PHP instances. You need to check whether you have enabled it.

> (ERROR)Out of range. Expected: 45963, read: 126.

Have never seen this error before. I'll try to figure it out.

Sorry for the late response.

@My1

My1 commented Jan 12, 2024

> I have the same problem. PHP 8.0, Yubikey
>
> What is sodium? :) This one? https://www.php.net/manual/en/sodium.installation.php that seems embedded in PHP?
>
> [2022-03-23 18:02:44][3375b5] ajax_create_response: Credential ID unique check passed
> [2022-03-23 18:02:44][3375b5] ajax_create_response: (ERROR)Out of range. Expected: 45963, read: 126.

What model of YubiKey do you have? Also, are either "Require user verification" or "Allow to login without username" active?
