Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Key not working under macosx #183

Open
MisterBianco opened this issue Jan 8, 2021 · 3 comments
Open

Security Key not working under macosx #183

MisterBianco opened this issue Jan 8, 2021 · 3 comments
Labels
bug waiting Waiting for answer

Comments

@MisterBianco
Copy link

I am using a thetis u2f fido2 security key and when I use the command:

aws-adfs login --u2f-trigger-default --profile=master --adfs-host=HOSTNAME --no-ssl-verification

I get the following error:

Sending request for authentication
Waiting for additional authentication
Triggering authentication method: 'WAPO4R15C9P36B8RW0BK'
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/Users/_/.pyenv/versions/3.9.0/lib/python3.9/threading.py", line 950, in _bootstrap_inner
    self.run()
  File "/Users/_/.pyenv/versions/3.9.0/lib/python3.9/threading.py", line 888, in run
    self._target(*self._args, **self._kwargs)
  File "/Users/_/.pyenv/versions/3.9.0/lib/python3.9/site-packages/aws_adfs/_duo_authenticator.py", line 126, in _perform_authentication_transaction
    transaction_id = _begin_authentication_transaction(
  File "/Users/_/.pyenv/versions/3.9.0/lib/python3.9/site-packages/aws_adfs/_duo_authenticator.py", line 572, in _begin_authentication_transaction
    raise click.ClickException(
click.exceptions.ClickException: Cannot begin authentication process. The error response: {"stat": "FAIL", "message": "Unknown authentication method."}

I have ensured that the security key is set to be the default device and I can see from the verbose print out that the query used to find u2f keys is returning 0 results as the key doesnt match the query. I can send the full verbose logs but would prefer it be non public.

I have also verified that my system recognizes the key correctly.

aws-adfs version: 1.24.5
mac osx: 10.15.7
python version: 3.9.0
@pdecat
Copy link
Collaborator

pdecat commented Sep 21, 2021

Hi @MisterBianco, does your thetis u2f fido2 security key work with the same command on Linux?

@pdecat pdecat added the bug label Sep 23, 2021
@pdecat pdecat added the waiting Waiting for answer label Jan 26, 2022
@bdwyertech
Copy link

bdwyertech commented Jan 30, 2022
edited
Loading

I think Duo dropped support for U2F and is now forcing webauthn. Had same thing start happening in my app recently (Golang).

Update:
Looks like Google dropped u2f support and this caused some others to drop support for the protocol.

Ref: https://gitlab.com/gitlab-org/gitlab/-/issues/346662

@pdecat
Copy link
Collaborator

pdecat commented Jan 31, 2022
edited
Loading

I'm working on moving from U2F to webauthn since last week. Interaction with website seems ok, but I'm facing issues performing the challenge with USB key.

@pdecat pdecat mentioned this issue Jan 31, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug waiting Waiting for answer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pdecat @bdwyertech @MisterBianco