U2F with Yubikey

Question
1

Hello,

I installed the privacyIDEA server and the owncloud App. I can authenticate
with OTP.
Now I want to try the U2F Yubikey. I assigned the U2F Token in privacyIDEA
to my user. I followed this tutorials



I did all the settings at the server.

If i now want to login with the u2f device, the nextcloud app tells me:

"privacyIDEA
Please authenticate using the selected factor.

Failed to trigger challenges.

OTP => Verify"

But I do not have an OTP for U2F and the Yubikey is not blinking.

In the Nextcloud App, I entered the privacyIDEA admin account as the
service account for the challenge-response tokens.

I also can’t test my U2F Yubikey in privacyIDEA. I enter the PIN and it
says "Please confirm with your U2F token (Yubico U2F EE Serial …)"
Then the Yubikey does not blink and if I push the button I get the same
error message.

Any ideas?

Best regards

2

Hi,

this is also what i wanted to ask. If we are to use U2F for the token, can
a remote client enroll a U2F Key using the WebGui but the key is on usb
port of the remote client??

Regards,
JojoOn Wednesday, April 5, 2017 at 2:36:35 PM UTC+2, hahnschwegwe wrote:

Hello,

I installed the privacyIDEA server and the owncloud App. I can
authenticate with OTP.
Now I want to try the U2F Yubikey. I assigned the U2F Token in privacyIDEA
to my user. I followed this tutorials

https://www.youtube.com/watch?v=w-ZzawYEUxw
https://www.youtube.com/watch?v=qcQlENAyxgQ
https://www.youtube.com/watch?v=0VKFGSAlL80

I did all the settings at the server.

If i now want to login with the u2f device, the nextcloud app tells me:

"privacyIDEA
Please authenticate using the selected factor.

Failed to trigger challenges.

OTP => Verify"

But I do not have an OTP for U2F and the Yubikey is not blinking.

In the Nextcloud App, I entered the privacyIDEA admin account as the
service account for the challenge-response tokens.

I also can’t test my U2F Yubikey in privacyIDEA. I enter the PIN and it
says “Please confirm with your U2F token (Yubico U2F EE Serial …)”
Then the Yubikey does not blink and if I push the button I get the same
error message.

Any ideas?

Best regards

3

Here is an log entry for testing the u2f device in privacyIDEA

[2017-04-05
15:04:58,099][9020][140374156080896][ERROR][privacyidea.lib.auditmodules.sqlaudit:266]
DATA: {‘info’: ‘Please confirm with your U2F token (Yubico U2F EE Serial
250569226176)’, ‘realm’: ‘’, ‘tokentype’: None, ‘success’: False,
‘privacyidea_server’: ‘otp.my.domain.de’, ‘client_user_agent’: ‘chrome’,
‘client’: ‘xxx.xxx.xxx.xxx’, ‘user’: ‘’, ‘action_detail’: ‘’, ‘action’:
‘POST /validate/check’, ‘serial’: u’U2F0002A097’}

I changed the fqdn and the client ip address.

Best regards.

4

The U2F needs to be connected to your client machine. Yes, your a.k.a.
remote client.

But you probably fail, because you have no supported browser.
I recommend chrome, which works out of the box.
You can use firefox with the corresponding plugin.

Kind regards
CorneliusAm Mittwoch, 5. April 2017 15:08:39 UTC+2 schrieb iamohtep@gmail.com:

Hi,

this is also what i wanted to ask. If we are to use U2F for the token, can
a remote client enroll a U2F Key using the WebGui but the key is on usb
port of the remote client??

Regards,
Jojo

On Wednesday, April 5, 2017 at 2:36:35 PM UTC+2, hahnschwegwe wrote:

Hello,

I installed the privacyIDEA server and the owncloud App. I can
authenticate with OTP.
Now I want to try the U2F Yubikey. I assigned the U2F Token in
privacyIDEA to my user. I followed this tutorials

https://www.youtube.com/watch?v=w-ZzawYEUxw
https://www.youtube.com/watch?v=qcQlENAyxgQ
https://www.youtube.com/watch?v=0VKFGSAlL80

I did all the settings at the server.

If i now want to login with the u2f device, the nextcloud app tells me:

"privacyIDEA
Please authenticate using the selected factor.

Failed to trigger challenges.

OTP => Verify"

But I do not have an OTP for U2F and the Yubikey is not blinking.

In the Nextcloud App, I entered the privacyIDEA admin account as the
service account for the challenge-response tokens.

I also can’t test my U2F Yubikey in privacyIDEA. I enter the PIN and it
says “Please confirm with your U2F token (Yubico U2F EE Serial …)”
Then the Yubikey does not blink and if I push the button I get the same
error message.

Any ideas?

Best regards

5

Upgrading the server to 2.18.1 solved the problem :slight_smile: