Closed Bug 1532317 Opened 7 years ago Closed 6 years ago

inconsistent U2F support for AWS IAM console login page

Categories

(Core :: DOM: Web Authentication, defect, P2)

66 Branch
defect


RESOLVED INVALID

People

(Reporter: rkeiii, Assigned: jcj, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36

Steps to reproduce:

  1. Visit an AWS IAM account login page i.e. "http://$companyName.signin.aws.amazon.com/"
  2. Enter IAM account, username and password of an account with a U2F 2FA token enabled

Actual results:

Using the latest Firefox beta (Firefox 66) and the latest stable (Firefox 65), more than 75% of the time the browser appears to go forward to the U2F token prompt, then very quickly returns to the login page without ever waiting for me to touch my U2F token (Yubico Yubikey 5 NFC). This seems to be some type of timing/race bug, because playing around trying to very quickly hit the login button and press the 2FA token button sometimes works, and then the site properly waits for the token.

Expected results:

The browser should advance from the IAM account/username/password login page to the U2F token prompt page. Instead, the browser very quickly bounces from the initial login page to the U2F page and then back to the login page, claiming I incorrectly entered my credentials (which I did not).

My apologies for the bug report if this is a bug in AWS' JavaScript. I just realized after further testing that U2F appears to work properly if I mouse click the signing button after entering the account/username/password on this page. However, if I instead use the [Enter] key to attempt to advance from the main IAM login page to the U2F token input screen, it exhibits the behaviour mentioned above in the initial bug report. Very weird.

Component: Untriaged → DOM: Device Interfaces
Product: Firefox → Core

I also gave an incomplete URL for the IAM console login page. The correct URL format is: http://${iamAccount}.signin.aws.amazon.com/console

Component: DOM: Device Interfaces → DOM: Web Authentication

This is probably AWS' JavaScript. I won't be able to investigate this immediately, though, so marking P2.

Assignee: nobody → jjones
Priority: -- → P2
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

I can't reproduce it, even with the Enter key. Can you double-check?

I looked through their JavaScript for things that have hung it up before -- like embedding the u2f-api.js into other code that then doesn't run correctly, etc. -- and didn't see any obvious problems... so I don't know!

Flags: needinfo?(rkeiii)

Resolving invalid for being stale. Still can't repro. Reopen if needed.

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID