WebAuthn : Uncaught (in promise) DOMException: The operation is insecure

Hello :waving_hand:

I have an issue when I try to log in with WebAuthn on my app.

Here is my infrastructure:

Winserv 2022 | Roles : DC / ADCS
Winserv 2022 | Roles : Exchange SE | url : mfa-exchange.lab.mfa
Winserv 2016 | Roles : ADFS | url : sts.lab.mfa
Ubuntu 22 | Roles : PrivacyIdea | privacyidea.lab.mfa

I successfully delegated the auth to my ADFS and connected it to my PrivacyIdea server with the plugin.

I enrolled the token in WebAuthn.

But when I'm trying to connect, the first auth passes, but when I try to authenticate with WebAuthn I get this error:

The RPID I use in PrivacyIdea is privacyidea.lab.mfa, because that is the only one that works to enroll a FIDO2 token for a user.

If anyone can help me with this notion :sweat_smile:

Thanks for reading!!

Hi calcalou,

WebAuthn aborts because the configured “Relying Party ID” (rpId) does not match the current page’s origin (domain). WebAuthn is strict: the rpId must be either exactly the current hostname or a parent domain of it.

Reference:
https://privacyidea.readthedocs.io/en/stable/configuration/tokenconfig/webauthn.html#relying-party-id

In your case the WebAuthn ceremony runs on https://sts.lab.mfa (ADFS), so valid rpId values are:

  • sts.lab.mfa (recommended if WebAuthn is only used via ADFS), or
  • lab.mfa (if the same credential should be valid across all subdomains of lab.mfa)

Please check the privacyIDEA policy (e.g. webauthn_relying_party_id) and ensure it matches.
Note: if you change the rpId, existing WebAuthn credentials must be re-enrolled because they are bound to the rpId.

BR

Julio
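To make the rule in the answer concrete, here is an added example (not from the thread, privacyIDEA or ADFS) that models the rpId check a browser performs before a WebAuthn ceremony, applied to the hostnames in this thread. The public-suffix list is a constructed stand-in for the real one browsers use; Firefox reports the resulting SecurityError as "The operation is insecure".

```javascript
// Added example: models the WebAuthn rpId validation a browser runs before
// navigator.credentials.create()/get(). Per the WebAuthn spec, the rpId must
// equal the origin's effective domain or be a registrable-domain suffix of
// it; a public suffix (TLD) is never an acceptable rpId.
// CONSTRUCTED stand-in for the Public Suffix List used by real browsers.
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "co.uk"]);

// Returns true when `rpId` is an acceptable Relying Party ID for a WebAuthn
// ceremony executed on a page served from `origin`.
function isValidRpId(origin, rpId) {
  const url = new URL(origin);
  // WebAuthn is only exposed in secure contexts (https, or localhost).
  if (url.protocol !== "https:" && url.hostname !== "localhost") return false;
  const host = url.hostname.toLowerCase();
  const rp = rpId.toLowerCase();
  if (rp === host) return true;
  // Suffix match must be on a label boundary: "ab.mfa" must not match.
  if (!host.endsWith("." + rp)) return false;
  // A bare TLD or a listed public suffix is never a registrable domain.
  if (!rp.includes(".") || PUBLIC_SUFFIXES.has(rp)) return false;
  return true;
}

// Classifies what the browser does when a credential enrolled under
// `enrolledRpId` is used on the login page at `loginOrigin`.
function webauthnOutcome(loginOrigin, enrolledRpId) {
  return isValidRpId(loginOrigin, enrolledRpId)
    ? "ceremony proceeds"
    : "SecurityError (Firefox: 'The operation is insecure')";
}

// The thread's setup: enrolled with rpId privacyidea.lab.mfa, login on ADFS.
console.log(webauthnOutcome("https://sts.lab.mfa/adfs/ls", "privacyidea.lab.mfa"));
// The two rpId values the answer recommends:
console.log(webauthnOutcome("https://sts.lab.mfa/adfs/ls", "sts.lab.mfa"));
console.log(webauthnOutcome("https://sts.lab.mfa/adfs/ls", "lab.mfa"));
```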