StrongKey / fido2

Open-source FIDO server, featuring the FIDO2 standard. https://demo4.strongkey.com/getstarted/#/openapi/fido


Need help on FIDO register using REST API

wsideveloper opened this issue · comments

I am doing this setup having a REST server that sits between SKFS and web client:

SKFS (port 8181) ---- REST server --- Web client

I can do an end-to-end preregistration process but have difficulty completing a registration request with the FIDO server. I am getting these errors in the server.log:

[2021-11-17T09:47:16.260+0800] [Payara 5.2020.7] [SEVERE] [FIDO-ERR-0006] [SKFS] [tid: _ThreadID=64 _ThreadName=http-thread-pool::http-listener-2(1)] [timeMillis: 1637113636260] [levelValue: 1000] [[
FIDO-ERR-0006: User session in-active: ]]

[2021-11-17T09:47:16.261+0800] [Payara 5.2020.7] [SEVERE] [] [SKFS] [tid: _ThreadID=64 _ThreadName=http-thread-pool::http-listener-2(1)] [timeMillis: 1637113636261] [levelValue: 1000] [[
FIDO-ERR-2001: FIDO 2 Error Message : Request timed out, please try again]]

Any idea what they mean and what is causing them? I can complete a registration using the skfsclient CLI, so the SKFS server should be working.

Here is the sequence of events for my application. I masked my domain with mydomain.com.

2021-11-17 09:45:56 - root - INFO - url=https://skfs.mydomain.com:8181/skfs/rest/preregister data={
"svcinfo": {
"did": 1,
"protocol": "FIDO2_0",
"authtype": "PASSWORD",
"svcusername": "svcfidouser",
"svcpassword": "Abcd1234!"
},
"payload": {
"username": "AA",
"displayname": "Initial Registration",
"options": {}
},
"extensions": {}
}
{'Response': {'rp': {'name': 'FIDOServer', 'id': 'skfs.mydomain.com'}, 'user': {'name': 'AA', 'id': 'czoROWjkxAV3otucO3J-QHZ9dl7iT85P0LyJpUzDx48', 'displayName': 'Initial Registration'}, 'challenge': 'zHkIQS7te-xy-ZRwVrUoLA', 'pubKeyCredParams': [{'type': 'public-key', 'alg': -7}, {'type': 'public-key', 'alg': -35}, {'type': 'public-key', 'alg': -36}, {'type': 'public-key', 'alg': -8}, {'type': 'public-key', 'alg': -47}, {'type': 'public-key', 'alg': -257}, {'type': 'public-key', 'alg': -258}, {'type': 'public-key', 'alg': -259}, {'type': 'public-key', 'alg': -37}, {'type': 'public-key', 'alg': -38}, {'type': 'public-key', 'alg': -38}], 'excludeCredentials': [], 'attestation': 'direct'}}
2021-11-17 09:46:00 - root - INFO - url=https://skfs.mydomain.com:8181/skfs/rest/register data={
"svcinfo": {
"did": 1,
"protocol": "FIDO2_0",
"authtype": "PASSWORD",
"svcusername": "svcfidouser",
"svcpassword": "Abcd1234!"
},
"payload": {
"publicKeyCredential": {
"id": "0QTkpENJtyqH4HlThU2fC4HW4A_sXn4GCyUyiR8qHic",
"rawId": "0QTkpENJtyqH4HlThU2fC4HW4A_sXn4GCyUyiR8qHic",
"type": "public-key",
"response": {
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiekhrSVFTN3RlQXh5QVpSd1ZyVW9MQSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
"attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZzkBAGNzaWdZAQBMo3cvjqw_89MP_xiaYHMIvGXOiCt2AzeyHPti5SGXMKoAGTByBjnUF1YYuhNr3bhMp3wj1VHro9ijd26akU3xtGm_A21pIF0nlpkzpGFzXn7KVqUofJ8aJQ1xUOQ7keI6L3CLpJ8q2vRLqakUdy3iUH_tHFBICKybXyEiIsnB9QOLAbT1I9ywWY_T1qfUONj6XgihbP_8WBwuKfsbUxSxuU8WEFSojwRaSK2JEDtiip-ae4P52hPFBS41geHeuoAln_BObcoxPe7dvsf-b2VozrjNO6MNWiM17NqJ7TyMdfWoy8269IukOeWQPSOFPUPScjTm9NJAcff28n7elVMNaGF1dGhEYXRhWQFnSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFAAAAAGAosBex1EwCtLOvza_Ja7IAINEE5KRDSbcqh-B5U4VNnwuB1uAP7F5-BgslMokfKh4npAEDAzkBACBZAQCuSxxmh4Va65WUYvUCwdxzCNJCaeyyFIAR0NkAisNwFI20G53VmcmYWPziyqFj7oq_HUMgCH8JtQxjZZEZj-oO_ND2dJcCCo6Ag_W8HrloAeVe-iy0rOeuEElzAz2YyK1vYX-73QiRH9uYzBGd88nzPYhkWmrUAw1fAIViCpAMl7uojLmK9yR6Ch7bWnKFaIwlmLsYFnVKwSDTiegMgeVzSJre80V4Lo1WLxkWUIgrPXF6O6qYJFecEOULx9un_s-52PlVVLTwqchxzVGgOmwSRlMs1yEPELEk6_T1zRULuSR6-gShbikrHvHfn4dROZaJqQZu0Aovb89BV9Q3xGoxIUMBAAE"
}
},
"strongkeyMetadata": {
"version": "1.0",
"create_location": "Sunnyvale, CA",
"origin": "http://localhost:3000",
"username": "AA"
}
}
}
HTTPError('400 Client Error: Bad Request for url: https://skfs.mydomain.com:8181/skfs/rest/register')

Hi @wsideveloper,
Our FIDO server is configured to delete hashmaps after 30 secs, so if the time between pre-register and register exceeds 30 secs, you will see an error "Request timed out, please try again".

If it is happening within the 30 secs then we will need to debug a little more.

Hi,
The time difference between pre-register and register is only a few seconds. The event log above is an example.

Any information I can provide to give more clues?

I managed to resolve the problem. It is due to a careless mistake in making a pre-register request.
I corrected this:

"payload": {
    "username": "AA",
    "displayname": "Initial Registration",
    "options": {}
},
"extensions": {}
}

to this:

"payload": {
    "username": "AA",
    "displayname": "Initial Registration",
    "options": {},
    "extensions": {}
}
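
A pre-flight check for the mistake resolved above, added here as an example and not part of the original thread or of StrongKey's code: it flags a preregister body whose "extensions" object sits outside "payload", and masks "svcpassword" before the body is written to a log. The function names and the expected key sets are assumptions taken from the corrected request in this thread, not a full SKFS schema.

```python
import copy
import json

# Key layout taken from the corrected request in this thread; it is an
# assumption for this example, not a complete SKFS schema.
TOP_LEVEL_KEYS = {"svcinfo", "payload"}
PAYLOAD_KEYS = {"username", "displayname", "options", "extensions"}


def check_preregister_body(body):
    """Return a list of structural problems; an empty list means the layout matches."""
    problems = []
    for key in sorted(set(body) - TOP_LEVEL_KEYS):
        hint = " (belongs inside 'payload')" if key in PAYLOAD_KEYS else ""
        problems.append(f"unexpected top-level key '{key}'{hint}")
    for key in sorted(TOP_LEVEL_KEYS - set(body)):
        problems.append(f"missing top-level key '{key}'")
    payload = body.get("payload", {})
    for key in sorted(PAYLOAD_KEYS - set(payload)):
        problems.append(f"missing payload key '{key}'")
    return problems


def redact_for_log(body):
    """Copy the body with the service password masked, so it is safe to log."""
    safe = copy.deepcopy(body)
    if "svcpassword" in safe.get("svcinfo", {}):
        safe["svcinfo"]["svcpassword"] = "***"
    return safe


# Constructed sample bodies mirroring the two layouts in the thread.
SVCINFO = {"did": 1, "protocol": "FIDO2_0", "authtype": "PASSWORD",
           "svcusername": "svcfidouser", "svcpassword": "example-password"}
BROKEN = {"svcinfo": SVCINFO,
          "payload": {"username": "AA", "displayname": "Initial Registration",
                      "options": {}},
          "extensions": {}}
FIXED = {"svcinfo": SVCINFO,
         "payload": {"username": "AA", "displayname": "Initial Registration",
                     "options": {}, "extensions": {}}}

if __name__ == "__main__":
    for name, body in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_preregister_body(body))
    print(json.dumps(redact_for_log(FIXED), indent=2))
```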