Date: Thu, 05 Sep 2024 01:29:34 +0000 From: Hotaka Korenori <chaplintokyo@vivaldi.net> To: questions@freebsd.org Subject: Re: FIDO2 security key (YubiKey 5 NFC) and WebAuthn Message-ID: <1725499586705.347452092.1360397@vivaldi.net> In-Reply-To: <20240904104643.ab27db8cc7abc7068fff98ee@magnetkern.de> References: <20240904104643.ab27db8cc7abc7068fff98ee@magnetkern.de>
next in thread | previous in thread | raw e-mail | index | archive | help
------sinikael-?=_1-17254997749430.2092336319932011 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, I am a newbie here but having a similar issue with Yubikey 5 NFC on Firefox= on GhostBSD (FreeBSD 14.1 based). I reached out to Yubikey support and = this is the response I got. I haven't yet tried the suggested check re = pcscd but this does seem to be what the folks at Yubikey seem to feel is = the most likely issue. Chaplintokyo Michael (Yubico) Sep 3, 2024, 11:13=E2=80=AFAM PDT Hello, =20 Thank you for contacting Yubico Support! Michale here, sorry to hear about = this issue! =20 I'm afraid GhostBS falls outside our scope of support as it is a linux = distribution. You would need to reach out to them directly. Sorry about = that! =20 I do have one suggestion, however, and that is to be sure that the pcscd = daemon is running; you can use the following command in the terminal if you= are using systemd: sudo systemctl status pcscd =20 =20 I hope this helps! Please let me know if you have any further questions. = Otherwise, have a great day! =20 Kind regards, Michael Customer Support Specialist | Yubico On 2024=E5=B9=B409=E6=9C=8804=E6=97=A5 17=E6=99=8246=E5=88=8643=E7=A7=92 = (+09:00), Jan Behrens wrote: > Hello, > > I have a problem with my FIDO2 security key (which is a YubiKey 5 NFC). > As I'm unsure whether this is an issue of FreeBSD or Firefox, I ask > here. > > Originally, I made a post on the FreeBSD forum, but didn't get a > helpful response regarding this issue yet: > https://forums.freebsd.org/threads/94605/ > > In here, I only want to discuss the WebAuthn issue in Firefox, and not > the potential security issue regarding "pcscd" also mentioned on the > forum. (I made a post to the freebsd-security mailing list in that > matter.) > > The Firefox related problem is as follows: When I go to > https://webauthn.io/ and click on "Authenticate" (this is reproducible > without a hardware token), then Firefox asks me: > > "Touch your security key to continue with webauthn.io." > > If I press cancel and try again, the website will from then on respond > with: > > "The request is not allowed by the user agent or the platform in the > current context, possibly because the user denied permission." > > Similar errors happen on other websites providing WebAuthn login. > > This is until I switch to the text console using CTRL+ALT+F1 and back > to X using CTRL+ALT+F9. Afterwards I can perform WebAuthn registration > or authentication once more using Firefox, but only once. After an > unsuccessful or successful registration or authentication, it won't > work until I switch back to text console and back. > > If I have several Firefox windows with different profiles open, only > the first attempt will be executed, and all other windows will fail > from then on. > > This problem doesn't seem to exist in Chromium. However, I don't > understand why switching to the text console and back to X is a > workaround. This is why I suspect there might be something FreeBSD > related to this problem? > > Can anyone reproduce this behavior of Firefox using FreeBSD? I'm using > package "firefox-130.0_1,2" and FreeBSD 14.1-RELEASE-p3. > > Kind Regards, > Jan Behrens > > --=20 Sent with Vivaldi Mail. Download Vivaldi for free at vivaldi.= com ------sinikael-?=_1-17254997749430.2092336319932011 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body><span class=3D"viv-signature"></span><div>Hi,= </div><div><br></div><div>I am a newbie here but having a similar issue = with Yubikey 5 NFC on Firefox on GhostBSD (FreeBSD 14.1 based). I = reached out to Yubikey support and this is the response I got. I = haven't yet tried the suggested check re pcscd but this does seem to be = what the folks at Yubikey seem to feel is the most likely issue.= </div><div><br></div><div>Chaplintokyo</div><div><br></div><div><table = style=3D"font-family: "Helvetica Neue", Verdana, Arial, = sans-serif;" class=3D"zd-liquid-comment" width=3D"100%" cellpadding=3D"0" = cellspacing=3D"0" border=3D"0" role=3D"presentation"><tbody><tr><td = style=3D"border-collapse: collapse; border-top: 1px dotted rgb(197, 197, = 197); padding: 15px 0px;" width=3D"100%"><table style=3D"table-layout: = fixed;" width=3D"100%" cellpadding=3D"0" cellspacing=3D"0" border=3D"0" = role=3D"presentation"><tbody><tr><td style=3D"border-collapse: collapse; = margin: 0px; padding: 0px;" width=3D"100%" valign=3D"top"><p = style=3D"color: rgb(27, 29, 30); padding: 0px; margin-top: 0px; = margin-bottom: 0px; line-height: 18px; font-size: 15px; font-family: = "Lucida Grande", "Lucida Sans Unicode", "Lucida = Sans", Verdana, Tahoma, sans-serif;" dir=3D"ltr"><strong>Michael</stro= ng> (Yubico)</p><p style=3D"color: rgb(187, 187, 187); padding: 0px; = margin-top: 0px; margin-bottom: 15px; line-height: 25px; font-size: 13px; = font-family: "Lucida Grande", "Lucida Sans Unicode", = "Lucida Sans", Verdana, Tahoma, sans-serif;" dir=3D"ltr">Sep 3, = 2024, 11:13=E2=80=AFAM PDT</p><div style=3D"margin: 15px 0px; line-height: = 22px; color: rgb(43, 46, 47);" class=3D"zd-comment" dir=3D"auto">Hello,= <br> <br>Thank you for contacting Yubico Support! Michale here, sorry = to hear about this issue!<br> <br>I'm afraid GhostBS falls outside our= scope of support as it is a linux distribution. You would need to reach = out to them directly. Sorry about that!<br> <br>I do have one = suggestion, however, and that is to be sure that the pcscd daemon is = running; you can use the following command in the terminal if you are using= systemd: <code style=3D"border: 1px solid rgb(234, 234, 234); = padding: 0px 5px; margin: 0px 2px; font-size: 13px; font-family: Consolas, = Menlo, Monaco, "system-ui", -apple-system, BlinkMacSystemFont, = "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, = "Helvetica Neue", monospace, Arial, "sans-serif"; = background-color: rgb(248, 248, 248); white-space-collapse: preserve;">sudo= systemctl status pcscd </code> <br> <br>I hope this helps! = Please let me know if you have any further questions. Otherwise, have a = great day!<br> <br><div class=3D"signature"><p style=3D"margin: 15px = 0px; line-height: 22px;" dir=3D"ltr">Kind regards,</p><p style=3D"margin: = 15px 0px; line-height: 22px;" dir=3D"ltr">Michael<br>Customer Support = Specialist | Yubico</p></div></div><p dir=3D"ltr"></p></td></tr></tbody></t= able></td></tr></tbody></table><p style=3D"color: rgb(51, 51, 51); = font-family: "Helvetica Neue", Verdana, Arial, sans-serif; = font-size: 12px;" dir=3D"ltr"></p><table style=3D"font-family: = "Helvetica Neue", Verdana, Arial, sans-serif;" = class=3D"zd-liquid-comment" width=3D"100%" cellpadding=3D"0" = cellspacing=3D"0" border=3D"0" role=3D"presentation"><tbody><tr><td = style=3D"border-collapse: collapse; border-top: 1px dotted rgb(197, 197, = 197); padding: 15px 0px;" width=3D"100%"></td></tr></tbody></table></div><d= iv><br></div><div>On 2024=E5=B9=B409=E6=9C=8804=E6=97=A5 = 17=E6=99=8246=E5=88=8643=E7=A7=92 (+09:00), Jan Behrens = wrote:<br></div><div><br></div><div>> Hello,<br></div><div>> = <br></div><div>> I have a problem with my FIDO2 security key (which is a= YubiKey 5 NFC).<br></div><div>> As I'm unsure whether this is an issue = of FreeBSD or Firefox, I ask<br></div><div>> here.<br></div><div>> = <br></div><div>> Originally, I made a post on the FreeBSD forum, but = didn't get a<br></div><div>> helpful response regarding this issue = yet:<br></div><div>> https://forums.freebsd.org/threads/94605/<br></div>= <div>> <br></div><div>> In here, I only want to discuss the WebAuthn = issue in Firefox, and not<br></div><div>> the potential security issue = regarding "pcscd" also mentioned on the<br></div><div>> forum. (I made a= post to the freebsd-security mailing list in that<br></div><div>> = matter.)<br></div><div>> <br></div><div>> The Firefox related problem= is as follows: When I go to<br></div><div>> https://webauthn.io/ and = click on "Authenticate" (this is reproducible<br></div><div>> without a = hardware token), then Firefox asks me:<br></div><div>> = <br></div><div>> "Touch your security key to continue with webauthn.io.= "<br></div><div>> <br></div><div>> If I press cancel and try again, = the website will from then on respond<br></div><div>> = with:<br></div><div>> <br></div><div>> "The request is not allowed by= the user agent or the platform in the<br></div><div>> current context, = possibly because the user denied permission."<br></div><div>> = <br></div><div>> Similar errors happen on other websites providing = WebAuthn login.<br></div><div>> <br></div><div>> This is until I = switch to the text console using CTRL+ALT+F1 and back<br></div><div>> to= X using CTRL+ALT+F9. Afterwards I can perform WebAuthn = registration<br></div><div>> or authentication once more using Firefox, = but only once. After an<br></div><div>> unsuccessful or successful = registration or authentication, it won't<br></div><div>> work until I = switch back to text console and back.<br></div><div>> = <br></div><div>> If I have several Firefox windows with different = profiles open, only<br></div><div>> the first attempt will be executed, = and all other windows will fail<br></div><div>> from then on.= <br></div><div>> <br></div><div>> This problem doesn't seem to exist = in Chromium. However, I don't<br></div><div>> understand why switching = to the text console and back to X is a<br></div><div>> workaround. This = is why I suspect there might be something FreeBSD<br></div><div>> = related to this problem?<br></div><div>> <br></div><div>> Can anyone = reproduce this behavior of Firefox using FreeBSD? I'm = using<br></div><div>> package "firefox-130.0_1,2" and FreeBSD 14.= 1-RELEASE-p3.<br></div><div>> <br></div><div>> Kind Regards,= <br></div><div>> Jan Behrens<br></div><div>> <br></div><div>> = </div><br><span class=3D"viv-signature-below"><br>-- <br>Sent with = Vivaldi Mail. Download Vivaldi for free at vivaldi.= com</span></body></html> ------sinikael-?=_1-17254997749430.2092336319932011--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1725499586705.347452092.1360397>