Date: Wed, 4 Sep 2024 10:46:43 +0200
From: Jan Behrens
To: freebsd-questions@freebsd.org
Subject: FIDO2 security key (YubiKey 5 NFC) and WebAuthn

Hello,

I have a problem with my FIDO2 security key (which is a YubiKey 5 NFC). As I'm unsure whether this is an issue of FreeBSD or Firefox, I ask here.

Originally, I made a post on the FreeBSD forum, but didn't get a helpful response regarding this issue yet:

https://forums.freebsd.org/threads/94605/

In here, I only want to discuss the WebAuthn issue in Firefox, and not the potential security issue regarding "pcscd" also mentioned on the forum. (I made a post to the freebsd-security mailing list in that matter.)

The Firefox related problem is as follows:

When I go to https://webauthn.io/ and click on "Authenticate" (this is reproducible without a hardware token), then Firefox asks me: "Touch your security key to continue with webauthn.io." If I press cancel and try again, the website will from then on respond with: "The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission." Similar errors happen on other websites providing WebAuthn login.

This is until I switch to the text console using CTRL+ALT+F1 and back to X using CTRL+ALT+F9. Afterwards I can perform WebAuthn registration or authentication once more using Firefox, but only once. After an unsuccessful or successful registration or authentication, it won't work until I switch back to text console and back.

If I have several Firefox windows with different profiles open, only the first attempt will be executed, and all other windows will fail from then on.

This problem doesn't seem to exist in Chromium.
However, I don't understand why switching to the text console and back to X is a workaround. This is why I suspect there might be something FreeBSD related to this problem?

Can anyone reproduce this behavior of Firefox using FreeBSD? I'm using package "firefox-130.0_1,2" and FreeBSD 14.1-RELEASE-p3.

Kind Regards,
Jan Behrens