Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15835

WebAuthn Nodes does not work when Relying Party domain is used.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0, 6.5.1, 6.5.2, 6.5.2.1, 6.5.2.2
    • Fix Version/s: 6.5.2.3, 6.5.3
    • Component/s: authentication, webauthn
    • Labels:
    • Target Version/s:
    • Rank:
      1|hzzr53:
    • Sprint:
      AM Sustaining Sprint 71
    • Story Points:
      2
    • Needs backport:
      No
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      The WebAuthentication Registration nodes does let one register and use WebAuthn RpId. However it seems that the WebAuthn Authentication Node although have the configuration for the RpId, it is not configured and not setup. Hence all the WebAuthn authentication with RpId is not working.

      How to reproduce the issue

      Details steps outlining how to recreate the issue (remove this text)

      1. Create A WebAuthN Registration Node with a RpId say example.com (if the AM is openam.example.com). Try to register the client to make it work
      2. Create a WebAuthn Authentication with RpId example.com and test if this work
      Expected behaviour
      Fails to work. Unable to authenticate. In fact if say the AM is multi-domain hosted. (eg say we have openam.example.com and lb.example.com), if the RpId is set for example.com (for registration) the WebAuthn credential should be usable when AM for both of this site is accessed.
      
      Current behaviour
      If RpId is not set, all works but if the RpId is set teh WebAuthn will not work. 
      

      Work around

      None. Just not able to use RpId until this is solved

      Code analysis

       

      When doing the Navigator.create() for the WebAuthn the required RpId is used by Registration is not matches the same for when used in Authentication node.
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              chee-weng.chea C-Weng C
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: