Hi,

Your fix seems to have been included in the latest 7.2, I can now register webauthn devices through the account profile management.

BUT, I still cannot register webauthn devices if I have multiple MFA providers (in my case webauthn and gauth).

Regards,

Here are my logs when I try to register a webauthn device with both MFA providers:

Browser's console:

Request:

    _csrf: "pPOlLr91F7EsX5z[... blahblahblah ...]w_XI-nzfe9
    type: "webauthn"
    _eventId_register: "Register"
    execution: 537c7786-8f9b-4a65[...blahblahblah...]pZWlhOVUyOFo2TjVn

Server logs:

    2025-04-10 14:37:51,113 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested original ticket id [TGT-3-****************x0K3OY0-mycasserver] to [404b8927b61268... blahblahblah ...88ae3265ccee]>
    2025-04-10 14:37:51,114 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Ticket passed is not an encoded ticket: [TicketGrantingTicketImpl], no decoding is necessary.>
    2025-04-10 14:37:51,116 DEBUG [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to [FlowHandlerMapping.DefaultFlowHandler@61f603b6]>
    2025-04-10 14:37:51,130 DEBUG [org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction] - <Registration key URI is [otpauth://totp/Gauth:frederic.dussurget?secret=****************]>
    2025-04-10 14:37:51,422 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested original ticket id [TGT-1-****************Bi4ogU4- mycasserver ] to [837caa4f9326 ... blahblahblblah ... 3e9314859c5af98bc4721]>

... and when I'm trying to do the same thing with only the webauthn MFA provider (flushed gauth from everywhere: build.gradle, services, cas.yml):

    2025-04-10 15:02:06,834 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested original ticket id [TGT-5-****************1a-b1g4- mycasserver ] to [f8ee5dd65ddda53fc60d50acf8 ... blajblahblah ... e47a09b39c1c38]>
    2025-04-10 15:02:06,835 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Ticket passed is not an encoded ticket: [TicketGrantingTicketImpl], no decoding is necessary.>
    2025-04-10 15:02:06,838 DEBUG [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to [FlowHandlerMapping.DefaultFlowHandler@5c09bcba]>
    2025-04-10 15:02:06,861 DEBUG [org.apereo.cas.webauthn.web.flow.WebAuthnStartRegistrationAction] - <Starting registration sequence for [SimplePrincipal(id=frederic.dussurget, attributes=

On Thursday, December 5, 2024 at 15:49:23 UTC+1, Frédéric Dussurget wrote:

> Thanks a lot for that! I hope someone will fix it with your fix.
> Until now, I had to register my webauthn devices for testing by accessing
> directly to a service protected by webauthn
> Regards,
>
> On Thursday, December 5, 2024 at 15:19:01 UTC+1, P Assenger wrote:
>
>> Two PRs should correct the issue with webauthn device registration. I do
>> not know if the crossover with mfa-gauth is also corrected, as I wanted
>> to get webauthn registration working for POC purpose, only.
>>
>> Note that, for now, the two PRs are rejected as there is no test
>> associated to them:
>>
>> - PR (7.1.x): https://github.com/apereo/cas/pull/6252
>> - PR (master): https://github.com/apereo/cas/pull/6254
>>
>> Modification is trivial so the patch should be easy to apply for other
>> revisions.
>>
>> Regards,
>>
>> P.
>>
>> On Thursday, November 28, 2024 at 02:59:25 UTC+1, P Assenger wrote:
>>
>>> Hi,
>>> We encounter the same issue under v7.1.2, with only the web-authn
>>> dependencies: while the new device is registered, an error occurs at the
>>> interface.
>>>
>>> In CAS logs, the error is as you described it: *Exception thrown in
>>> state 'viewRegistrationWebAuthn' of flow 'account'.* Albeit with this
>>> added message: *no ''saveRegistration' state in flow 'account'.*
>>>
>>> The culprit code seems to be in
>>> "support/cas-server-support-webauthn-core-webflow/src/main/java/org/apereo/cas/webauthn/web/flow/account/WebAuthnMultifactorAccountProfileWebflowConfigurer.java".
>>>
>>> BTW, this class does not seem to have a TestCase.
>>>
>>> Harsh to be blocked on such a problem :(.
>>>
>>> P.
>>>
>>> On Wednesday, September 11, 2024 at 16:21:46 UTC+2, Frédéric Dussurget wrote:
>>>
>>>> Hi,
>>>>
>>>> Context: version=7.2.0-SNAPSHOT
>>>>
>>>> Extract of build.gradle:
>>>> //MFA TOTP
>>>> implementation "org.apereo.cas:cas-server-support-gauth"
>>>> implementation "org.apereo.cas:cas-server-support-gauth-redis"
>>>>
>>>> // MFA FIDO2 WEBAUTHN
>>>> implementation "org.apereo.cas:cas-server-support-webauthn"
>>>> implementation "org.apereo.cas:cas-server-support-webauthn-redis"
>>>>
>>>> //MFA TRUSTED DEVICE
>>>> implementation "org.apereo.cas:cas-server-support-trusted-mfa"
>>>> implementation "org.apereo.cas:cas-server-support-trusted-mfa-redis"
>>>>
>>>> My issue:
>>>> I have an issue with Account Profile Management (/cas/login page), but
>>>> only with webauthn devices (mfa-gauth devices work fine):
>>>>
>>>> - with build.gradle containing only web-authn dependencies, I'm able to
>>>> register a webauthn device thru account profile management, but I get a
>>>> 500 error message at the very end of the ceremony:
>>>> Error: jakarta.servlet.ServletException: Request processing failed:
>>>> org.springframework.webflow.execution.FlowExecutionException: Exception
>>>> thrown in state 'viewRegistrationWebAuthn' of flow 'account'
>>>>
>>>> BUT, the webauthn device is registered and fully functional.
>>>>
>>>> - with build.gradle containing web-authn AND mfa-gauth dependencies, I
>>>> cannot get the webauthn device registering ceremony: every time I end up
>>>> on the mfa-gauth device registering ceremony. So, the only way to register
>>>> mfa-webauthn devices is on the fly, accessing directly to a service.
>>>>
>>>> Regards,
