U2F with Yubikey

Hello,

I installed the privacyIDEA server and the owncloud App. I can authenticate
with OTP.
Now I want to try the U2F Yubikey. I assigned the U2F Token in privacyIDEA
to my user. I followed this tutorials



I did all the settings at the server.

If i now want to login with the u2f device, the nextcloud app tells me:

"privacyIDEA
Please authenticate using the selected factor.

Failed to trigger challenges.

OTP => Verify"

But I do not have an OTP for U2F and the Yubikey is not blinking.

In the Nextcloud App, I entered the privacyIDEA admin account as the
service account for the challenge-response tokens.

I also can’t test my U2F Yubikey in privacyIDEA. I enter the PIN and it
says "Please confirm with your U2F token (Yubico U2F EE Serial …)"
Then the Yubikey does not blink and if I push the button I get the same
error message.

Any ideas?

Best regards

Hi,

this is also what i wanted to ask. If we are to use U2F for the token, can
a remote client enroll a U2F Key using the WebGui but the key is on usb
port of the remote client??

Regards,
JojoOn Wednesday, April 5, 2017 at 2:36:35 PM UTC+2, hahnschwegwe wrote:

Hello,

I installed the privacyIDEA server and the owncloud App. I can
authenticate with OTP.
Now I want to try the U2F Yubikey. I assigned the U2F Token in privacyIDEA
to my user. I followed this tutorials

https://www.youtube.com/watch?v=w-ZzawYEUxw
https://www.youtube.com/watch?v=qcQlENAyxgQ
https://www.youtube.com/watch?v=0VKFGSAlL80

I did all the settings at the server.

If i now want to login with the u2f device, the nextcloud app tells me:

"privacyIDEA
Please authenticate using the selected factor.

Failed to trigger challenges.

OTP => Verify"

But I do not have an OTP for U2F and the Yubikey is not blinking.

In the Nextcloud App, I entered the privacyIDEA admin account as the
service account for the challenge-response tokens.

I also can’t test my U2F Yubikey in privacyIDEA. I enter the PIN and it
says "Please confirm with your U2F token (Yubico U2F EE Serial …)"
Then the Yubikey does not blink and if I push the button I get the same
error message.

Any ideas?

Best regards

Here is an log entry for testing the u2f device in privacyIDEA

[2017-04-05
15:04:58,099][9020][140374156080896][ERROR][privacyidea.lib.auditmodules.sqlaudit:266]
DATA: {‘info’: ‘Please confirm with your U2F token (Yubico U2F EE Serial
250569226176)’, ‘realm’: ‘’, ‘tokentype’: None, ‘success’: False,
‘privacyidea_server’: ‘otp.my.domain.de’, ‘client_user_agent’: ‘chrome’,
‘client’: ‘xxx.xxx.xxx.xxx’, ‘user’: ‘’, ‘action_detail’: ‘’, ‘action’:
‘POST /validate/check’, ‘serial’: u’U2F0002A097’}

I changed the fqdn and the client ip address.

Best regards.

The U2F needs to be connected to your client machine. Yes, your a.k.a.
remote client.

But you probably fail, because you have no supported browser.
I recommend chrome, which works out of the box.
You can use firefox with the corresponding plugin.

Kind regards
CorneliusAm Mittwoch, 5. April 2017 15:08:39 UTC+2 schrieb iamohtep@gmail.com:

Hi,

this is also what i wanted to ask. If we are to use U2F for the token, can
a remote client enroll a U2F Key using the WebGui but the key is on usb
port of the remote client??

Regards,
Jojo

On Wednesday, April 5, 2017 at 2:36:35 PM UTC+2, hahnschwegwe wrote:

Hello,

I installed the privacyIDEA server and the owncloud App. I can
authenticate with OTP.
Now I want to try the U2F Yubikey. I assigned the U2F Token in
privacyIDEA to my user. I followed this tutorials

https://www.youtube.com/watch?v=w-ZzawYEUxw
https://www.youtube.com/watch?v=qcQlENAyxgQ
https://www.youtube.com/watch?v=0VKFGSAlL80

I did all the settings at the server.

If i now want to login with the u2f device, the nextcloud app tells me:

"privacyIDEA
Please authenticate using the selected factor.

Failed to trigger challenges.

OTP => Verify"

But I do not have an OTP for U2F and the Yubikey is not blinking.

In the Nextcloud App, I entered the privacyIDEA admin account as the
service account for the challenge-response tokens.

I also can’t test my U2F Yubikey in privacyIDEA. I enter the PIN and it
says "Please confirm with your U2F token (Yubico U2F EE Serial …)"
Then the Yubikey does not blink and if I push the button I get the same
error message.

Any ideas?

Best regards

Upgrading the server to 2.18.1 solved the problem :slight_smile: