U2F with Yubikey


hahnschwegwe

Apr 5, 2017, 8:36:35 AM
to privacyidea
Hello,

I installed the privacyIDEA server and the owncloud App. I can authenticate with OTP.
Now I want to try the U2F Yubikey. I assigned the U2F token in privacyIDEA to my user. I followed these tutorials


I did all the settings at the server.

If I now want to log in with the U2F device, the Nextcloud app tells me:

"privacyIDEA
Please authenticate using the selected factor.

Failed to trigger challenges.

OTP => Verify"

But I do not have an OTP for U2F and the Yubikey is not blinking.

In the Nextcloud App, I entered the privacyIDEA admin account as the service account for the challenge-response tokens.

I also can't test my U2F Yubikey in privacyIDEA. I enter the PIN and it says "Please confirm with your U2F token (Yubico U2F EE Serial ...)"
Then the Yubikey does not blink and if I push the button I get the same error message.

Any ideas?


Best regards


hahnschwegwe

Apr 5, 2017, 9:07:18 AM
to privacyidea
Here is a log entry for testing the U2F device in privacyIDEA:

[2017-04-05 15:04:58,099][9020][140374156080896][ERROR][privacyidea.lib.auditmodules.sqlaudit:266] DATA: {'info': 'Please confirm with your U2F token (Yubico U2F EE Serial 250569226176)', 'realm': '', 'tokentype': None, 'success': False, 'privacyidea_server': 'otp.my.domain.de', 'client_user_agent': 'chrome', 'client': 'xxx.xxx.xxx.xxx', 'user': '', 'action_detail': '', 'action': 'POST /validate/check', 'serial': u'U2F0002A097'}

I changed the FQDN and the client IP address.

Best regards.

iamo...@gmail.com

Apr 5, 2017, 9:08:39 AM
to privacyidea
Hi,

This is also what I wanted to ask. If we are to use U2F for the token, can a remote client enroll a U2F key using the WebGUI when the key is on the USB port of the remote client?


Regards,
Jojo

Cornelius Kölbel

Apr 6, 2017, 12:05:34 PM
to privacyidea
The U2F needs to be connected to your client machine. Yes, a.k.a. your remote client.

But you probably fail because you have no supported browser.
I recommend Chrome, which works out of the box.
You can use Firefox with the corresponding plugin.


Kind regards
Cornelius

hahnschwegwe

Apr 11, 2017, 2:37:58 AM
to privacyidea
Upgrading the server to 2.18.1 solved the problem :-)