Windows Credential provider fails with Yubikey

Following the YouTube video "OTP Authentication at the Windows Desktop with privacyIDEA Credential Provider", it works with Push but fails with Yubikey 5.

Environment

  • server 3.7.1
  • credential provider 3.2.0

Second factors

  • Push (everything works like a charm)
  • Yubikey 5 (works to access PrivacyIdea console)

Test scenario

Windows login with username + AD password + insert Yubikey 5 + short touch

  • if Yubikey registered as HOTP
    • before inserting Yubikey, message wrong one time password
  • if Yubikey registered as U2F (supposed to be not supported by Credential providers)
    • after inserting Yubikey 5, the Yubikey is not blinking
    • upon short touch, “One Time Password” field is filled out with displayed star characters, message wrong one time password

What did I miss?

Webauthn is not supported by the credential provider.

Hi Cornelius,

U2F is related to FIDO1
WebAuthn is related to FIDO2

In the use cases, I never used the Yubikey as a FIDO2 device,
and both the U2F and HOTP (as your video demonstrates) tests failed.

Sure, I am missing something, either in

  • Yubikey manager config
  • Yubikey registration process on PrivacyIDEA
  • PrivacyIDEA settings

But what and where?