Closed Bug 1609393 Opened 6 years ago Closed 6 years ago

WebAuthn user verification request not complied with during registration and probably during authentication.

Categories

(Core :: DOM: Web Authentication, enhancement)

72 Branch
enhancement
Not set
normal

RESOLVED DUPLICATE of bug 1530373

People

(Reporter: gilles.lorrain, Unassigned)

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36

Steps to reproduce:

Tested on Firefox 72.0.1 64-bit with YubiKey 5

  1. Use a WebAuthn demo website (like https://webauthn.io/)
  2. Specify "Required" in UserVerificationRequirement (https://www.w3.org/TR/webauthn/#userVerificationRequirement)
  3. Validate enrolment

This behaviour is also documented in https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API in "Registration", step 3.

Actual results:

Cannot validate enrolment with key: no window to enter PIN code.

Expected results:

As with PIV/Certificate authentication, a window should open to request the PIN code.

User agent of Firefox during the test: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0

This behavior still exists in 73.0b8.
Right now, this is the reason Firefox cannot be used for logging in to Azure AD when using FIDO2.

Windows Hello, if enabled, would be the mechanism to handle the PIN code, and that should work. Do you see the OS-level dialog take-over during the login process?

If you do not have Windows Hello enabled, then this is expected, as Firefox itself doesn't support CTAP2 yet, and this would be a duplicate of Bug 1530373.

Flags: needinfo?(gilles.lorrain)

(In reply to J.C. Jones [:jcj] (he/him) from comment #3)

> Windows Hello, if enabled, would be the mechanism to handle the PIN code, and that should work. Do you see the OS-level dialog take-over during the login process?
>
> If you do not have Windows Hello enabled, then this is expected, as Firefox itself doesn't support CTAP2 yet, and this would be a duplicate of Bug 1530373.

I don't have Windows Hello enabled, so this is a duplicate of bug 1530373.
Sorry to hear that; for a corporate deployment this blocks us strongly, as it is not possible for us to offer a secure passwordless experience to our employees with WebAuthn.

Thank you for your prompt response.

Flags: needinfo?(gilles.lorrain)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
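
Added example (not part of the bug report, and not Firefox or webauthn.io code): the relying-party side of the "Required" UserVerificationRequirement from the steps to reproduce. It parses the fixed header of the WebAuthn authenticator data and rejects a response whose User Verified flag is not set; the function names and the sample bytes are constructed for illustration.

```javascript
// Authenticator data layout (WebAuthn spec):
// rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
const FLAG_UP = 0x01; // User Present (touch)
const FLAG_UV = 0x04; // User Verified (PIN or biometric checked by the authenticator)

function parseAuthenticatorData(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new Error("authenticator data must be at least 37 bytes");
  }
  const view = new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
  const flags = authData[32];
  return {
    rpIdHash: authData.slice(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// `requirement` is the UserVerificationRequirement the relying party sent in its options.
function checkUserVerification(authData, requirement) {
  const parsed = parseAuthenticatorData(authData);
  if (!parsed.userPresent) {
    return { ok: false, userVerified: parsed.userVerified, reason: "UP flag not set" };
  }
  if (requirement === "required" && !parsed.userVerified) {
    return { ok: false, userVerified: false, reason: "UV flag not set although userVerification was required" };
  }
  return { ok: true, userVerified: parsed.userVerified, reason: null };
}

// Constructed sample input: placeholder rpIdHash, chosen flags and counter.
function sampleAuthData(flags, signCount) {
  const buf = new Uint8Array(37);
  buf.fill(0xab, 0, 32);
  buf[32] = flags;
  new DataView(buf.buffer).setUint32(33, signCount, false);
  return buf;
}

const touchOnly = sampleAuthData(FLAG_UP, 7);             // touch, no PIN
const pinVerified = sampleAuthData(FLAG_UP | FLAG_UV, 8); // touch and PIN
console.log(checkUserVerification(touchOnly, "required"));
console.log(checkUserVerification(touchOnly, "preferred"));
console.log(checkUserVerification(pinVerified, "required"));
```

A complete relying party also compares rpIdHash with the SHA-256 hash of its RP ID and verifies the signature; this block covers only the flag check.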