Fido Register API Failing with timeout
Error in Register REST API for FIDO2 Server
Pre Register works fine and returns a challenge. When we use the iOS sample app and use the challenge to generate the register object, it's throwing a timeout error in the register API.
Payload
{
  "payload": {
    "publicKeyCredential": {
      "id": "eytsH726WbmJkc2Wz74ti88Mrbs",
      "type": "public-key",
      "rawId": "eytsH726WbmJkc2Wz74ti88Mrbs",
      "response": {
        "clientDataJSON": "<DATA>",
        "attestationObject": "<DATA>"
      }
    },
    "strongkeyMetadata": {
      "username": "dsfsd",
      "create_location": "Sunnyvale, CA",
      "origin": "https:demo4.strongkey.com",
      "version": "1.0"
    }
  },
  "svcinfo": {
    "svcpassword": "Abcd1234!",
    "did": 1,
    "authtype": "PASSWORD",
    "svcusername": "svcfidouser",
    "protocol": "FIDO2_0"
  }
}
{
  "Response": "FIDO-ERR-2001: FIDO 2 Error Message : {0}Request timed out, please try again"
}
Hi @sanudatta11,
Could you show the GlassFish log's output for when you performed your preregister and register?
The GlassFish server log is located at /usr/local/strongkey/payara5/glassfish/domains/domain1/logs/server.log
Millis: 1655078403139] [levelValue: 800] [[
w20Chq__w5phZO2MRKRf7uOylSI9D1vs0hduCZbwyM3rByH2SQ-7mnxf-KKlLAbNlynqwZDAV3-t5d0NSsEXWd7hTsgu9GTx8_lLa1vAegWT1VqA6B21Vw_C7wZkiD5tDNGxLnSmzq5dbxAa-4kGjd86zoPKym3uhNeVsKM0IFJ6zxTyeaKihdTk6kDiAeZIZpItihh2SpWBRYhmo19mI51RrzIQ3wzF-kSLNJ63qmVu182bm6F9EvsT7G-eSlcmX9Zz9EKGMWxCOcTUG4Xin7CS1clLieqO09vHZtlcCcjoZt8yiK1St05Dv961oLIZ_P5SLseO1MA-3ZqJhHplqQ]]
[2022-06-13T00:00:03.150+0000] [Payara 5.2020.7] [INFO] [] [] [tid: _ThreadID=234 _ThreadName=__ejb-thread-pool14] [timeMillis: 1655078403150] [levelValue: 800] [[
Certificate valid]]
[2022-06-13T00:00:03.162+0000] [Payara 5.2020.7] [INFO] [] [] [tid: _ThreadID=234 _ThreadName=__ejb-thread-pool14] [timeMillis: 1655078403162] [levelValue: 800] [[
Signature Verified!!]]
[2022-06-13T02:46:43.106+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=73 _ThreadName=http-thread-pool::http-listener-2(10)] [timeMillis: 1655088403106] [levelValue: 800] [[
APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]
[2022-06-13T02:46:43.112+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0001] [SKFS] [tid: _ThreadID=73 _ThreadName=http-thread-pool::http-listener-2(10)] [timeMillis: 1655088403112] [levelValue: 800] [[
FIDO-MSG-0001: Received preregister request; Input: [TXID=73-1655088403112]
did=1
svcusername=svcfidouser
protocol=FIDO2_0
username=soumyajit
displayname=soumyajit_dn
options={"attestation":"direct"}
extensions={}]]
[2022-06-13T02:46:43.121+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0002] [SKFS] [tid: _ThreadID=73 _ThreadName=http-thread-pool::http-listener-2(10)] [timeMillis: 1655088403121] [levelValue: 800] [[
FIDO-MSG-0002: Done with preregister request; Output: [TXID=73-1655088403112, START=1655088403112, FINISH=1655088403121, TTC=9]
FIDO2Registration Challenge parameters = {"Response":{"rp":{"name":"FIDOServer","id":"strongkey.com"},"user":{"name":"soumyajit","id":"4oTKi4qqUTTuTygFWO3zOdSevL5rj7Y6eG6B24M7XAs","displayName":"soumyajit_dn"},"challenge":"cL8DHFfDjUwU_ppFs3Pl6w","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-8},{"type":"public-key","alg":-47},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-38}],"excludeCredentials":[],"attestation":"direct"}}]]
[2022-06-13T02:46:48.104+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408104] [levelValue: 800] [[
APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]
[2022-06-13T02:46:48.105+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0003] [SKFS] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408105] [levelValue: 800] [[
FIDO-MSG-0003: Received register request; Input: [TXID=65-1655088408105]
did=1
svcusername=svcfidouser
protocol=FIDO2_0
response={"id":"79U433x2hykUyf-h02qXwEkpyLN15N61MhYDTlM6AuWi-rmrO7kA0LdP3nSJNYedw6AqAh6RZiWjIyh5b1npW4oMJRS1sYMJVkRbNVlwBpSy_0OW2pRKLvVSRjxzT7LXsGV_i4r7KRE83ItVOS_cDKbYn3axDcYiUNaRXAR1DfHC5UP3hpystaKsOKvfCop2oA0rfrymTsUmF7RGKP-MNCiMP_Z5EnO8hHntAs41kTg","rawId":"79U433x2hykUyf-h02qXwEkpyLN15N61MhYDTlM6AuWi-rmrO7kA0LdP3nSJNYedw6AqAh6RZiWjIyh5b1npW4oMJRS1sYMJVkRbNVlwBpSy_0OW2pRKLvVSRjxzT7LXsGV_i4r7KRE83ItVOS_cDKbYn3axDcYiUNaRXAR1DfHC5UP3hpystaKsOKvfCop2oA0rfrymTsUmF7RGKP-MNCiMP_Z5EnO8hHntAs41kTg","response":{"attestationObject":"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAKh568CoVnRo3MIwVyLbYTiXuO7FTbsKfuqin4vhpu9YAiAEWQuISPN74PyBD_tpWmjKix9gg_sQjf7xj0hO096XDGN4NWOBWQHkMIIB4DCCAYOgAwIBAgIEbCtY8jAMBggqhkjOPQQDAgUAMGQxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5TdHJvbmdBdXRoIEluYzEiMCAGA1UECxMZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEYMBYGA1UEAwwPQXR0ZXN0YXRpb25fS2V5MB4XDTE5MDcxODE3MTEyN1oXDTI5MDcxNTE3MTEyN1owZDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlN0cm9uZ0F1dGggSW5jMSIwIAYDVQQLExlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMRgwFgYDVQQDDA9BdHRlc3RhdGlvbl9LZXkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQx9IY-uvfEvZ9HaJX3yaYmOqSIYQxS3Oi3Ed7iw4zXGR5C4RaKyOQeIu1hK2QCgoq210KjwNFU3TpsqAMZLZmFoyEwHzAdBgNVHQ4EFgQUNELQ4HBDjTWzj9E0Z719E4EeLxgwDAYIKoZIzj0EAwIFAANJADBGAiEA7RbR2NCtyMQwiyGGOADy8rDHjNFPlZG8Ip9kr9iAKisCIQCi3cNAFjTL03-sk7C1lij7JQ6mO7rhfdDMfDXSjegwuWhhdXRoRGF0YVkBNPgUPcPowj_96fevjVCLWyuOXtHPc57ItRHBr0kyY4M-QQAAAAAAAAAAAAAAAAAAAAAAAAAAALDv1TjffHaHKRTJ_6HTapfASSnIs3Xk3rUyFgNOUzoC5aL6uas7uQDQt0_edIk1h53DoCoCHpFmJaMjKHlvWelbigwlFLWxgwlWRFs1WXAGlLL_Q5balEou9VJGPHNPstewZX-LivspETzci1U5L9wMptifdrENxiJQ1pFcBHUN8cLlQ_eGnKy1oqw4q98KinagDSt-vKZOxSYXtEYo_4w0KIw_9nkSc7yEee0CzjWROKUBAgMmIAEhWCDyaCL1FRBjx_tJLFlnzwTSys214ccamb3iM8ioevGOEiJYIG_S-DmdODz6_GN6nOT4nlcmu55QbWFZXu7anb-KQgdI","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTENkbXlPQ2ZEUzltZDVJZkFYTzhtZyIsIm9yaWdpbiI6Imh0dHBzOi8vcWEtaW5mb3N5cy1maWRvLTIuc3Ryb25na2V5LmNvbTo4MTgxIn0"},"type":"public-key"}
metadata={"version":"1.0","create_location":"Sunnyvale, CA","username":"johndoe","origin":"https://demo4.strongkey.com"}]]
[2022-06-13T02:46:48.107+0000] [Payara 5.2020.7] [SEVERE] [FIDO-ERR-0006] [SKFS] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408107] [levelValue: 1000] [[
FIDO-ERR-0006: User session in-active: ]]
[2022-06-13T02:46:48.108+0000] [Payara 5.2020.7] [SEVERE] [] [] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408108] [levelValue: 1000] [[
com.strongkey.skfs.utilities.SKIllegalArgumentException: Request timed out, please try again
at com.strongkey.skfs.txbeans.FIDO2RegistrationBean.retrieveUsernameFromSessionMap(FIDO2RegistrationBean.java:308)
at com.strongkey.skfs.txbeans.FIDO2RegistrationBean.execute(FIDO2RegistrationBean.java:91)
at sun.reflect.GeneratedMethodAccessor400.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4826)
at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4798)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4786)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
at com.sun.proxy.$Proxy403.execute(Unknown Source)
at com.strongkey.skfs.txbeans.u2fServletHelperBean.register(u2fServletHelperBean.java:423)
at sun.reflect.GeneratedMethodAccessor399.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4826)
at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4798)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4786)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
at com.sun.proxy.$Proxy389.register(Unknown Source)
at com.strongkey.skfs.rest.SKFSServlet.register(SKFSServlet.java:240)
at sun.reflect.GeneratedMethodAccessor373.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1636)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:259)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:757)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:158)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:371)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:238)
at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:182)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:156)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:218)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:95)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:260)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:177)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:109)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:88)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:53)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:524)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:89)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:94)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:33)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:114)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:569)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:549)
at java.lang.Thread.run(Thread.java:748)
]]
[2022-06-13T02:46:48.109+0000] [Payara 5.2020.7] [SEVERE] [] [SKFS] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408109] [levelValue: 1000] [[
FIDO-ERR-2001: FIDO 2 Error Message : Request timed out, please try again]]
This is the log output
PFA
Logs for trying from the iOS sample app
[2022-06-13T13:21:08.663+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=68 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1655126468663] [levelValue: 800] [[
APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]
[2022-06-13T13:21:08.668+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0001] [SKFS] [tid: _ThreadID=68 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1655126468668] [levelValue: 800] [[
FIDO-MSG-0001: Received preregister request; Input: [TXID=68-1655126468668]
did=1
svcusername=svcfidouser
protocol=FIDO2_0
username=testgithub
displayname=Initial KeyappleDebugPlatformKeyFlag
options={"attestation":"direct"}
extensions={}]]
[2022-06-13T13:21:08.686+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0002] [SKFS] [tid: _ThreadID=68 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1655126468686] [levelValue: 800] [[
FIDO-MSG-0002: Done with preregister request; Output: [TXID=68-1655126468668, START=1655126468668, FINISH=1655126468686, TTC=18]
FIDO2Registration Challenge parameters = {"Response":{"rp":{"name":"FIDOServer","id":"strongkey.com"},"user":{"name":"testgithub","id":"DhAh3l3LKNxVt3JbHqALPvArWO1dVfC3STu2pAlogrU","displayName":"Initial KeyappleDebugPlatformKeyFlag"},"challenge":"iQ0wmnQLX0ENQRF1i0S-VA","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-8},{"type":"public-key","alg":-47},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-38}],"excludeCredentials":[],"attestation":"direct"}}]]
[2022-06-13T13:22:48.912+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=69 _ThreadName=http-thread-pool::http-listener-2(6)] [timeMillis: 1655126568912] [levelValue: 800] [[
APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]
[2022-06-13T13:22:48.913+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0001] [SKFS] [tid: _ThreadID=69 _ThreadName=http-thread-pool::http-listener-2(6)] [timeMillis: 1655126568913] [levelValue: 800] [[
FIDO-MSG-0001: Received preregister request; Input: [TXID=69-1655126568913]
did=1
svcusername=svcfidouser
protocol=FIDO2_0
username=test123
displayname=Initial KeyappleDebugPlatformKeyFlag
options={"attestation":"direct"}
extensions={}]]
[2022-06-13T13:22:48.920+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0002] [SKFS] [tid: _ThreadID=69 _ThreadName=http-thread-pool::http-listener-2(6)] [timeMillis: 1655126568920] [levelValue: 800] [[
FIDO-MSG-0002: Done with preregister request; Output: [TXID=69-1655126568913, START=1655126568913, FINISH=1655126568920, TTC=7]
FIDO2Registration Challenge parameters = {"Response":{"rp":{"name":"FIDOServer","id":"strongkey.com"},"user":{"name":"test123","id":"nwJuNiaEBsjjka3bETrKS6k6NoSSgUJ7RhE8_f8_kgw","displayName":"Initial KeyappleDebugPlatformKeyFlag"},"challenge":"3g4j3g7Zoj8VnCrtECDl7Q","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-8},{"type":"public-key","alg":-47},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-38}],"excludeCredentials":[],"attestation":"direct"}}]]
[2022-06-13T13:22:58.621+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1655126578621] [levelValue: 800] [[
APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]
[2022-06-13T13:22:58.621+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0003] [SKFS] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1655126578621] [levelValue: 800] [[
FIDO-MSG-0003: Received register request; Input: [TXID=67-1655126578621]
did=1
svcusername=svcfidouser
protocol=FIDO2_0
response={"id":"0kokmpryALEN0lHA0-tH8FXmBJ8","type":"public-key","rawId":"0kokmpryALEN0lHA0-tH8FXmBJ8","response":{"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiM2c0ajNnN1pvajhWbkNydEVDRGw3USIsIm9yaWdpbiI6Imh0dHBzOi8va2V5dmFsdWUuc3lzdGVtcyJ9","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViY2pvfDjvYYCbhvrcnqeBVI3zHnqq1dWxrJ4AyiRA743lFAAAAAAAAAAAAAAAAAAAAAAAAAAAAFNJKJJqa8gCxDdJRwNPrR_BV5gSfpQECAyYgASFYIPbh0LULe1ikb2GZMPzj0-yktzchikXliwdiUMPJ_hvPIlggHrgdcRuH20Vb9InKT-zEw2Mqt-EKjg6SPdU468Xx_5k"}}
metadata={"version":"1.0","create_location":"Sunnyvale, CA","origin":"https://demo4.strongkey.com","username":"test123"}]]
[2022-06-13T13:22:58.625+0000] [Payara 5.2020.7] [SEVERE] [] [] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1655126578625] [levelValue: 1000] [[
com.strongkey.skfs.utilities.SKIllegalArgumentException: Invalid Origin: https://keyvalue.systems != https://demo4.strongkey.com
at com.strongkey.skfs.txbeans.FIDO2RegistrationBean.verifyOrigin(FIDO2RegistrationBean.java:328)
at com.strongkey.skfs.txbeans.FIDO2RegistrationBean.execute(FIDO2RegistrationBean.java:99)
at sun.reflect.GeneratedMethodAccessor400.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4826)
at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4798)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4786)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
at com.sun.proxy.$Proxy403.execute(Unknown Source)
at com.strongkey.skfs.txbeans.u2fServletHelperBean.register(u2fServletHelperBean.java:423)
at sun.reflect.GeneratedMethodAccessor399.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4826)
at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4798)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4786)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
at com.sun.proxy.$Proxy389.register(Unknown Source)
at com.strongkey.skfs.rest.SKFSServlet.register(SKFSServlet.java:240)
at sun.reflect.GeneratedMethodAccessor373.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1636)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:259)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:757)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:158)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:371)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:238)
at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:200)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:569)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:549)
at java.lang.Thread.run(Thread.java:748)
]]
[2022-06-13T13:22:58.625+0000] [Payara 5.2020.7] [SEVERE] [] [SKFS] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1655126578625] [levelValue: 1000] [[
FIDO-ERR-2001: FIDO 2 Error Message : Invalid Origin: https://keyvalue.systems != https://demo4.strongkey.com]]
Hi @sanudatta11,
- It seems that in your server logs the username found in your register requests is different than the user you used in your preregister request. May I ask what you are using to send these requests?
- The demo4 OpenAPI is only used as an example for how a request should be structured. You will not be able to complete a registration because there is no FIDO simulator used in this process.
- For your iOS app, are you using the app as is or are you rebuilding it?
- We tried with many possible combinations but the tail log for the iOS app is an actual username password API call.
- OK. How to verify and use register request then?
- We are using the app by changing the API endpoint from demo to our API server.
Attaching the log after we changed the origin in the iOS app
server_2.log
I have a question. Right now with the iOS app we are facing an RPID mismatch error. How do we change the RPID? We have tried changing it in the upgrade script and running it, but it didn't update it.
FIDO-ERR-2001: FIDO 2 Error Message : RPID Hash invalid]]
I changed the RPID in the install-skfs script and ran it on a new server, but it gave the LDAP error below:
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Deploying StrongKey FidoServer ... Application deployed with name fidoserver.
Command deploy executed successfully.
The above issue resulted in the svcfido user not getting created, and thus the preregister call fails with the error:
FIDO-ERR-0003: Error during calling web service: SKCEWS-ERR-3055: Invalid user: svcfidouser]]
@arshadnoor The latest. We were able to resolve the LDAP issue. We also were able to change the RPID and attach it to our domain.
Right now in iOS we are getting the following error:
[2022-06-15T16:52:36.137+0000] [Payara 5.2020.7] [SEVERE] [] [SKFS] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(3)] [timeMillis: 1655311956137] [levelValue: 1000] [[
FIDO-ERR-5011: Json could not be parsed : Policy requires counter]]
Attached latest server logs
Hi @sanudatta11,
Can you give us more detail on what application you are using to test on iOS?
Are you testing the web application on Safari on iOS, or are you testing a native app running on iOS using passkey?
If it is the native app, is this what is provided by StrongKey in the sample apps, or have you built your own?
If this is the StrongKey sample app, then have you rebuilt the app locally with changes?
From the error logs it looks like the application is using domain id 1, which is the minimal policy that enforces counters (https://docs.strongkey.com/index.php/skfs-home/skfs-administration/skfs-security/skfs-policy/minimal-any-hardware-authenticator) and will reject anything that will not have a counter or if the counter does not increment.
Our FIDO server during installation adds 8 domains to the database with 8 different policies, and if you can change the application to use domain 7 (did=7) then it uses a policy that is defined for Apple devices that provide either apple or none attestation, and this policy makes the counter optional (https://docs.strongkey.com/index.php/skfs-home/skfs-administration/skfs-security/skfs-policy/skfs-policy-restricted-apple-passkey).
So based on your answers above, I can maybe point you to the right location to configure the correct domain id.
You can also put logs in FINE mode on the server so that we may be able to get more detailed logs for debugging in the future. On the FIDO server, run the following to do so:
shell> asadmin set-log-levels SKFS=FINE
Thank you
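The three checks this thread runs into (origin, RP ID hash, signature counter) can be reproduced offline against a captured registration. The script below is an added example, not StrongKey's code and not part of the original comments. It assumes the authenticatorData bytes have already been extracted from the CBOR attestationObject; the function names are hypothetical, the counter rule is a simplification of the policy described above, and the sample values are constructed from the origins in the log.

```python
import base64
import hashlib
import json
import struct


def parse_auth_data(auth_data: bytes):
    """Split the fixed 37-byte authenticatorData header: rpIdHash | flags | signCount."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData shorter than 37 bytes")
    return struct.unpack(">32sBI", auth_data[:37])


def diagnose(client_data_b64, auth_data, expected_origin, rp_id,
             counter_required, stored_count=None):
    """Return the names of the checks that fail, in the order checked here."""
    failed = []
    padded = client_data_b64 + "=" * (-len(client_data_b64) % 4)
    client_data = json.loads(base64.urlsafe_b64decode(padded))
    if client_data.get("origin") != expected_origin:
        failed.append("origin")
    rp_id_hash, _flags, sign_count = parse_auth_data(auth_data)
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        failed.append("rpid_hash")
    if counter_required:
        # Simplified rule (assumption): 0 counts as "no counter"; otherwise it must grow.
        if sign_count == 0 or (stored_count is not None and sign_count <= stored_count):
            failed.append("counter")
    return failed


def make_sample(origin, rp_id, sign_count):
    """Constructed client output: base64url clientDataJSON plus a bare authData header."""
    client_data = {"type": "webauthn.create", "challenge": "Y29uc3RydWN0ZWQ", "origin": origin}
    b64 = base64.urlsafe_b64encode(json.dumps(client_data).encode()).rstrip(b"=").decode()
    # Flags 0x05 = user present + user verified; no attested credential data appended.
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", 0x05, sign_count)
    return b64, auth_data


if __name__ == "__main__":
    cdj, ad = make_sample("https://keyvalue.systems", "keyvalue.systems", 0)
    # Server still configured for the demo origin/RPID, with a counter-enforcing policy.
    print(diagnose(cdj, ad, "https://demo4.strongkey.com", "demo4.strongkey.com", True))
    # Server reconfigured for the new domain, with a counter-optional policy.
    print(diagnose(cdj, ad, "https://keyvalue.systems", "keyvalue.systems", False))
```
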
Closing this issue as there has not been any update for a long time. Please feel free to reopen this if this is still a problem.
The link below also has more information about counters and how to fix the error above:
https://docs.strongkey.com/index.php/skfs-home/skfs-troubleshooting/skfs-solutions-for-known-issues/policy-requires-counter