WebAuthn / Passkey Registration Issue #76

Open
wisebaldone opened this issue Jan 16, 2024 · 10 comments

@wisebaldone

https://github.com/lukin/keywind/blob/bdf966fdae0071ccd46dab4efdc38458a643b409/theme/keywind/login/webauthn-register.ftl#L47C11-L47C11

I was getting compilation issues on the above line for Keycloak 23.0.3. I made the adjustment to

signatureAlgorithms: '<#list signatureAlgorithms as sigAlg>${sigAlg}<#sep>,</#list>'

and it seemed to be resolved.

@majdslmt

I have the same problem:
2024-01-20 16:30:54,452 ERROR [org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider] (executor-thread-1) Failed to process template: org.keycloak.theme.FreeMarkerException: Failed to process template webauthn-register.ftl
at org.keycloak.theme.freemarker.DefaultFreeMarkerProvider.processTemplate(DefaultFreeMarkerProvider.java:52)
at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.processTemplate(FreeMarkerLoginFormsProvider.java:559)
at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createForm(FreeMarkerLoginFormsProvider.java:352)
at org.keycloak.authentication.requiredactions.WebAuthnRegister.requiredActionChallenge(WebAuthnRegister.java:165)
at org.keycloak.services.managers.AuthenticationManager.executeAction(AuthenticationManager.java:1335)
at org.keycloak.services.managers.AuthenticationManager.lambda$executionActions$18(AuthenticationManager.java:1282)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:400)
at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:528)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647)
at org.keycloak.services.managers.AuthenticationManager.executionActions(AuthenticationManager.java:1283)
at org.keycloak.services.managers.AuthenticationManager.actionRequired(AuthenticationManager.java:1171)
at org.keycloak.services.managers.AuthenticationManager.nextActionAfterAuthentication(AuthenticationManager.java:1018)
at org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:1053)
at org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:1035)
at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$requiredActionGET_900f1400af417d7ade6b5fdd106784903c8de34e.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: freemarker.core.NonStringOrTemplateOutputException: For "${...}" content: Expected a string or something automatically convertible to string (number, date or boolean), or "template output" , but this has evaluated to a sequence (wrapper: f.t.SimpleSequence):
==> signatureAlgorithms!"[]"?no_esc [in template "webauthn-register.ftl" at line 47, column 42]

@wisebaldone
Author

@lukin did you want to keep a level of backwards compatibility, or are you okay with me submitting a pull request to make the minimum Keycloak v23 with the required fixes?

@youss6f

youss6f commented Feb 5, 2024

@wisebaldone your fix works, but after that the Register button doesn't work

@wisebaldone
Author

@youss6f a Firefox user I'm guessing, it has an unrelated issue which is

result instanceof PublicKeyCredential &&
isn't the correct type so the if statement bails out, works on Chrome though:

In my fix I just blindly cast it

let cred = result as PublicKeyCredential;
let response = cred.response as AuthenticatorAttestationResponse;

and rewrote the rest of the handler to use the casted variables. You'll need to do the same for webAuthnAuthenticate for Firefox.
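
A structural check sits between the `instanceof` test and the blind cast described in the comment above: it does not depend on the object's prototype but still rejects anything that is not shaped like an attestation result. This is an added example, not code from keywind, Keycloak or the commenters; `isBufferLike`, `toBase64Url`, `readRegistrationResult` and the returned field names are assumptions.

```javascript
// Added example (not keywind or Keycloak code): shape-check the result of
// navigator.credentials.create() instead of `instanceof` or a blind cast.

// True for ArrayBuffer and typed-array/DataView values, without `instanceof`.
function isBufferLike(v) {
  return ArrayBuffer.isView(v) ||
    Object.prototype.toString.call(v) === "[object ArrayBuffer]";
}

// Encode buffer-like bytes as unpadded base64url.
function toBase64Url(v) {
  const bytes = ArrayBuffer.isView(v)
    ? new Uint8Array(v.buffer, v.byteOffset, v.byteLength)
    : new Uint8Array(v);
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Hypothetical helper: returns the encoded fields a registration form would
// submit, or throws if `result` is not shaped like an attestation result.
function readRegistrationResult(result) {
  if (result === null || typeof result !== "object" ||
      result.type !== "public-key" || !isBufferLike(result.rawId)) {
    throw new TypeError("not a public-key credential");
  }
  const response = result.response;
  if (!response || !isBufferLike(response.clientDataJSON) ||
      !isBufferLike(response.attestationObject)) {
    throw new TypeError("not an attestation response");
  }
  return {
    clientDataJSON: toBase64Url(response.clientDataJSON),
    attestationObject: toBase64Url(response.attestationObject),
    publicKeyCredentialId: toBase64Url(result.rawId), // field names assumed
  };
}

// Constructed sample: a plain object, so an `instanceof` test would reject it.
const sample = {
  type: "public-key",
  rawId: new Uint8Array([0xfb, 0xff, 0xfe]).buffer,
  response: {
    clientDataJSON: new TextEncoder().encode('{"type":"webauthn.create"}'),
    attestationObject: new Uint8Array([0xa0]).buffer,
  },
};
console.log(readRegistrationResult(sample));
```

The same shape check carries over to the authentication handler, where the response exposes `authenticatorData` and `signature` in place of `attestationObject`.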

@youss6f

youss6f commented Feb 6, 2024

> @youss6f a Firefox user I'm guessing, it has an unrelated issue which is
>
> result instanceof PublicKeyCredential &&
> isn't the correct type so the if statement bails out, works on Chrome though:
>
> In my fix I just blindly cast it
>
> let cred = result as PublicKeyCredential;
> let response = cred.response as AuthenticatorAttestationResponse;
>
> and rewrote the rest of the handler to use the casted variables. You'll need to do the same for webAuthnAuthenticate for Firefox.

I'm a Chrome user.
I just edited signatureAlgorithms: '<#list signatureAlgorithms as sigAlg>${sigAlg}<#sep>,</#list>'
With that I got rid of the server problem error after login. But the register button doesn't make any action.

What else do I need to do? And could you maybe post a pull request or send your complete fix?
I'm on the latest Keycloak version.

@scheibling

@youss6f I've opened a pull request (#85) with a fix that works for both pre- and post-21 versions. It's basically your suggestion but with an extra check for previous versions where the old method was required.

@useEffects

Any update on this?

@scheibling

@useEffects There's a pull request with a fix (#85) pending

@useEffects

Can confirm, it solves the issue. Thank you @scheibling

@scheibling

While I'd love to take the credit, @paulwer did all the hard work, I just pasted it into a pull request :-) #57 (comment)
