yrccondor/wp-webauthn

Unable to register yubi keys


I have ensured gmp and mbstring are enabled on my WordPress hosting site but cannot register yubi keys (including yubi 4).
Is there a restriction on which version of key can be used? The general information suggests that WebAuthn should work with any of the U2F keys.
The only config item with mbstring that may be an issue that I can see is that HTTP input encoding translation is Disabled.
Does that need to be changed?
Client is Gentoo Linux, browser Google Chrome 99.0 4844.51

Thanks
Chris

There is a logging option in the plug-in's settings page. Could you pls provide logs for the failed registration?

Here is the log entry

[2022-03-18 11:56:49][cc880a] PHP Version => 7.4.28, WordPress Version => 5.9.2, WP-WebAuthn Version => 1.2.6
[2022-03-18 11:56:49][cc880a] Current config: first_choice => "true", website_name => "All Saints\' Church Breadsall", website_domain => "www.breadsallchurch.org.uk", remember_me => "false", user_verification => "false", allow_authenticator_type => "none", usernameless_login => "false"
[2022-03-18 11:56:49][cc880a] Logger initialized
[2022-03-18 11:56:49][cc880a] website_name: "All Saints\' Church Breadsall"->"All Saints\\\' Church Breadsall"
[2022-03-18 11:56:49][cc880a] user_verification: "false"->"true"
[2022-03-18 11:57:16][051801] ajax_create: Start
[2022-03-18 11:57:16][051801] ajax_create: name => "yubi 1", type => "none", usernameless => "false"
[2022-03-18 11:57:16][051801] ajax_create: user => "chris"
[2022-03-18 11:57:16][051801] ajax_create: excludeCredentials => []
[2022-03-18 11:57:16][051801] ajax_create: user_verification => "true"
[2022-03-18 11:57:16][051801] ajax_create: Challenge sent
[2022-03-18 11:57:57][24e14e] ajax_create: Start
[2022-03-18 11:57:57][24e14e] ajax_create: name => "yubi 4", type => "none", usernameless => "false"
[2022-03-18 11:57:57][24e14e] ajax_create: user => "chris"
[2022-03-18 11:57:57][24e14e] ajax_create: excludeCredentials => []
[2022-03-18 11:57:57][24e14e] ajax_create: user_verification => "true"
[2022-03-18 11:57:57][24e14e] ajax_create: Challenge sent
[2022-03-18 12:24:43][c27585] ajax_auth: Start
[2022-03-18 12:24:43][c27585] ajax_auth: type => "auth", user => "chris1"
[2022-03-18 12:24:43][c27585] ajax_auth: User not initialized, initialize
[2022-03-18 12:24:43][c27585] ajax_auth: allowedCredentials => []
[2022-03-18 12:24:43][c27585] ajax_auth: user_verification => "true"
[2022-03-18 12:24:43][c27585] ajax_auth: Challenge sent
[2022-03-18 13:03:48][00be7f] website_name: "All Saints\\\' Church Breadsall"->"All Saints Church Breadsall"
[2022-03-18 13:03:48][00be7f] website_domain: "www.breadsallchurch.org.uk"->"breadsallchurch.org.uk"
[2022-03-18 13:04:11][4ae878] ajax_create: Start
[2022-03-18 13:04:11][4ae878] ajax_create: name => "yubi 1", type => "none", usernameless => "false"
[2022-03-18 13:04:11][4ae878] ajax_create: user => "chris"
[2022-03-18 13:04:11][4ae878] ajax_create: excludeCredentials => []
[2022-03-18 13:04:11][4ae878] ajax_create: user_verification => "true"
[2022-03-18 13:04:11][4ae878] ajax_create: Challenge sent

The browser provides a message that I may require a newer or different type of key.
I have tried several different FIDO U2F keys from 4 different manufacturers.

Seems like you have user verification enabled. U2F doesn't support user verification, however, and the procedure failed on the browser side.

Changing that makes no difference. Seems that sodium is required. Never heard of that.

[2022-03-18 19:36:53][423770] ajax_create: Start
[2022-03-18 19:36:53][423770] ajax_create: name => "Yubi", type => "none", usernameless => "false"
[2022-03-18 19:36:53][423770] ajax_create: user => "chris"
[2022-03-18 19:36:53][423770] ajax_create: excludeCredentials => []
[2022-03-18 19:36:53][423770] ajax_create: user_verification => "true"
[2022-03-18 19:36:53][423770] ajax_create: Challenge sent
[2022-03-18 19:37:54][1c27e4] ajax_create: Start
[2022-03-18 19:37:54][1c27e4] ajax_create: name => "Yubi", type => "none", usernameless => "false"
[2022-03-18 19:37:54][1c27e4] ajax_create: user => "chris"
[2022-03-18 19:37:54][1c27e4] ajax_create: excludeCredentials => []
[2022-03-18 19:37:54][1c27e4] ajax_create: user_verification => "true"
[2022-03-18 19:37:54][1c27e4] ajax_create: Challenge sent
[2022-03-18 22:05:27][0d6e07] user_verification: "true"->"false"
[2022-03-18 22:05:53][e99606] ajax_create: Start
[2022-03-18 22:05:53][e99606] ajax_create: name => "yubi", type => "none", usernameless => "false"
[2022-03-18 22:05:53][e99606] ajax_create: user => "chris"
[2022-03-18 22:05:53][e99606] ajax_create: excludeCredentials => []
[2022-03-18 22:05:53][e99606] ajax_create: user_verification => "false"
[2022-03-18 22:05:53][e99606] ajax_create: Challenge sent
[2022-03-18 22:05:58][46269d] ajax_create_response: Client response received
[2022-03-18 22:05:58][46269d] ajax_create_response: name => "yubi", type => "none", usernameless => "false"
[2022-03-18 22:05:58][46269d] ajax_create_response: data => {"id":"5PFlQoJAQkpt9tBtoSH3jcWu4b2F7tfvLSIsirqp12rN0dcGD5LGiAcTEQpa9leOnMYTFioxBoqPlNwc0hFwYQ","type":"public-key","rawId":"5PFlQoJAQkpt9tBtoSH3jcWu4b2F7tfvLSIsirqp12rN0dcGD5LGiAcTEQpa9leOnMYTFioxBoqPlNwc0hFwYQ==","response":{"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiNTlQV1FTUjhkN1FOZlNxSFV5TWZ4clB2emw0RFZQc3lSX3F5WjR6S2xmayIsIm9yaWdpbiI6Imh0dHBzOi8vd3d3LmJyZWFkc2FsbGNodXJjaC5vcmcudWsiLCJjcm9zc09yaWdpbiI6ZmFsc2V9","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEIzhm+TPpHQCUHMFs7oxwe2j7cKCrJscX4VHFQY+R0BZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOTxZUKCQEJKbfbQbaEh943FruG9he7X7y0iLIq6qddqzdHXBg+SxogHExEKWvZXjpzGExYqMQaKj5TcHNIRcGGlAQIDJiABIVggAAuoRwb5bhhxLpKN0IgIoAfkwbOZeGS6ZLuj0zDOXCsiWCCUOHwUOEgfVtRRQINB7mNFc6qJJSgZfCTH7C8CltsuqQ=="}}
[2022-03-18 22:05:58][46269d] ajax_create_response: Credential ID unique check passed
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)The extension "sodium" is not available. Please install it to use this method
[2022-03-18 22:05:58][46269d] Traceback:
1) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-admin/admin-ajax.php(187): do_action('wp_ajax_wwa_cre...')
2) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/plugin.php(474): WP_Hook->do_action(Array)
3) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array)
4) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/class-wp-hook.php(307): wwa_ajax_create_response('')
5) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/wwa-ajax.php(476): Webauthn\Server->loadAndCheckAttestationResponse('{"id":"5PFlQoJA...', Object(Webauthn\PublicKeyCredentialCreationOptions), Object(Nyholm\Psr7\ServerRequest))
6) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/Server.php(250): Webauthn\Server->getAttestationStatementSupportManager()
7) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/Server.php(336): Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport->__construct()
8) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/AttestationStatement/AndroidSafetyNetAttestationStatementSupport.php(97): Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport->initJwsVerifier()
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)Challenge not verified, exit

sodium is a built-in PHP extension for encryption since PHP 7.2. Please check your php.ini (extension=sodium) or contact your server manager.

We'll add a warning in the settings page if sodium is not installed, starting with the next version.
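The two failure modes seen in the logs above (a challenge that never gets a client response, and a server-side error naming a missing PHP extension) can be told apart mechanically. The following is an added example, not part of the thread or the plug-in's code; the function name `triage` and the finding labels are hypothetical, and it assumes a log where one registration attempt finishes before the next starts.

```python
import re

# "[timestamp][request id] message", as in the plug-in log lines quoted in this thread
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\]\[(?P<req>[0-9a-f]{6})\] (?P<msg>.*)$')
EXT = re.compile(r'\(ERROR\)The extension "(?P<ext>\w+)" is not available')

# Constructed sample, shortened from the log lines posted above.
SAMPLE = """\
[2022-03-18 19:37:54][1c27e4] ajax_create: Start
[2022-03-18 19:37:54][1c27e4] ajax_create: user_verification => "true"
[2022-03-18 19:37:54][1c27e4] ajax_create: Challenge sent
[2022-03-18 22:05:53][e99606] ajax_create: Start
[2022-03-18 22:05:53][e99606] ajax_create: user_verification => "false"
[2022-03-18 22:05:53][e99606] ajax_create: Challenge sent
[2022-03-18 22:05:58][46269d] ajax_create_response: Client response received
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)The extension "sodium" is not available. Please install it to use this method
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)Challenge not verified, exit
"""

def _unanswered(pending):
    """Finding for a challenge that was sent but never answered by the browser."""
    if pending and pending["sent"]:
        return [(pending["req"], "no_client_response", "user_verification=" + pending["uv"])]
    return []

def triage(log_text):
    """Return (request id, finding, detail) tuples for registration attempts."""
    findings, pending = [], None  # pending: challenge still awaiting a client response
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # traceback lines carry no [ts][id] prefix
        req, msg = m["req"], m["msg"]
        if msg == "ajax_create: Start":
            findings += _unanswered(pending)  # previous attempt died client-side
            pending = {"req": req, "uv": "unknown", "sent": False}
        elif pending and req == pending["req"] and msg.startswith("ajax_create: user_verification"):
            pending["uv"] = msg.split('"')[1]
        elif pending and req == pending["req"] and msg == "ajax_create: Challenge sent":
            pending["sent"] = True
        elif msg == "ajax_create_response: Client response received":
            pending = None  # the browser completed its side of the ceremony
        elif msg.startswith("ajax_create_response: (ERROR)"):
            ext = EXT.search(msg)
            if ext:
                findings.append((req, "missing_php_extension", ext["ext"]))
    return findings + _unanswered(pending)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A `no_client_response` finding only says the failure happened before the browser replied; the `user_verification` value is reported alongside it so it can be checked against the authenticator's capabilities.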

I have same problem. PHP 8.0, Yubikey

What is sodium? :) This one? https://www.php.net/manual/en/sodium.installation.php that seems embedded in PHP?

[2022-03-23 18:02:44][3375b5] ajax_create_response: Credential ID unique check passed
[2022-03-23 18:02:44][3375b5] ajax_create_response: (ERROR)Out of range. Expected: 45963, read: 126.

What is sodium?

It's a built-in PHP extension but not enabled by default on some PHP instances. You need to check whether you have enabled it.

(ERROR)Out of range. Expected: 45963, read: 126.

Have never seen this error before. I'll try to figure it out.

Sorry for the late response.

My1 commented

I have same problem. PHP 8.0, Yubikey

What is sodium? :) This one? https://www.php.net/manual/en/sodium.installation.php that seems embedded in PHP?

[2022-03-23 18:02:44][3375b5] ajax_create_response: Credential ID unique check passed
[2022-03-23 18:02:44][3375b5] ajax_create_response: (ERROR)Out of range. Expected: 45963, read: 126.

What model of YubiKey do you have? Also, is either "Require user verification" or "Allow to login without username" active?