Hi!
When we register tokens we type the name of the user in the description field of the token. Now it appears that when we register a Yubikey as a U2F token ande type the name of the user in description, the name gets replaced by a text like “Yubico U2F EE Serial 2196…”. It is possible to change that later, but shouldn’t it stick when entered while registering the token?
/Bengt
Why are you typing the username into the description field? You see the username from the assignment of the token.
Are you sure, you are typing it into the description field?
Looking at the code, if you provide a description this should be used and the name of the u2f token should only be used if you do not provide a description.
Yes, you can change the description later. Users or admins can change the description, if they have the right assigned in a policy.
We type the name of the user in the Description field of the token (givenname surname, not the username) to make it a bit easier to find. Also, there is no filter on the username column in the tokens view. Anyway, registering a Yubikey as U2F:
Enrollment successful:
Then clicking the token serial:
Editing the description field from here is no problem, but I guess that whatever is written in the description field during enrollment should show in the description field here as well. We also use TOTP tokens and whats written in the description field during enrollment remains there.
Also, I am not sure if “Test token” is supposed to work with U2F tokens (it doesn’t when I try). A message appears “Please confirm with your U2F token (Yubico U2F EE Serial…” but the Yubikey never starts blinking. Test token works fine with TOTP tokens.
Authentication works fine with Yubikey in U2F mode together with SimpleSAMLphp. We use it in authproc setup for selected services. However, we also have PI configured as an authsource and with the new 1.9 PrivacyIDEA module U2F authentication does actually not work (authproc auth does). TOTP tokens work either way. The 1.8 module does not have this issue. Should this be reported in the Github repo for the module?
/Bengt
Hello! Long time…
Hereby confirmed that the same applies when enrolling WebAuthn tokens as well.
Kind regards
Bengt
Which version are you using?
PI version 3.6.3 running on Ubuntu 18.04.6 LTS here.
I also wonder a bit about WebAuthn and the Mac fingerprint sensor (2017 MacBookPro, T1). I thought it could be used as a WebAuthn token but it fails to register when i try (Chrome) or doesn’t show up at all (Firefox). Doesn’t really matter, we have no intention of using integrated tokens at the moment, just curious…
/Bengt
I created an issue Can not set description for WebAuthn Tokens · Issue #2953 · privacyidea/privacyidea · GitHub
Wait, this will be only available in v3.7 and is not released, yet.