Date: Wed, 4 Sep 2024 10:46:43 +0200 From: Jan Behrens <jbe-mlist@magnetkern.de> To: freebsd-questions@freebsd.org Subject: FIDO2 security key (YubiKey 5 NFC) and WebAuthn Message-ID: <20240904104643.ab27db8cc7abc7068fff98ee@magnetkern.de>
next in thread | raw e-mail | index | archive | help
Hello, I have a problem with my FIDO2 security key (which is a YubiKey 5 NFC). As I'm unsure whether this is an issue of FreeBSD or Firefox, I ask here. Originally, I made a post on the FreeBSD forum, but didn't get a helpful response regarding this issue yet: https://forums.freebsd.org/threads/94605/ In here, I only want to discuss the WebAuthn issue in Firefox, and not the potential security issue regarding "pcscd" also mentioned on the forum. (I made a post to the freebsd-security mailing list in that matter.) The Firefox related problem is as follows: When I go to https://webauthn.io/ and click on "Authenticate" (this is reproducible without a hardware token), then Firefox asks me: "Touch your security key to continue with webauthn.io." If I press cancel and try again, the website will from then on respond with: "The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission." Similar errors happen on other websites providing WebAuthn login. This is until I switch to the text console using CTRL+ALT+F1 and back to X using CTRL+ALT+F9. Afterwards I can perform WebAuthn registration or authentication once more using Firefox, but only once. After an unsuccessful or successful registration or authentication, it won't work until I switch back to text console and back. If I have several Firefox windows with different profiles open, only the first attempt will be executed, and all other windows will fail from then on. This problem doesn't seem to exist in Chromium. However, I don't understand why switching to the text console and back to X is a workaround. This is why I suspect there might be something FreeBSD related to this problem? Can anyone reproduce this behavior of Firefox using FreeBSD? I'm using package "firefox-130.0_1,2" and FreeBSD 14.1-RELEASE-p3. Kind Regards, Jan Behrens
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240904104643.ab27db8cc7abc7068fff98ee>