Details
-
Bug
-
Resolution: Done
-
Major
-
RH-SSO-7.5.1
-
False
-
None
-
False
-
-
-
Description
Issue : Option of "Try another way" is not available for LDAP user when configuring Webauthn Passwordless Authenticator
Created passwordless flow similar to steps provided in documentation.
~~~~
If the user selects the Try another way link with WebAuthn passwordless authentication, the user can choose between Password and Security Key (WebAuthn passwordless).
~~~~
- "Try another way" comes up for local RH-SSO user
- But when the user is created through LDAP user federation, "Try another way" does not comes up.
- If user(Ldap user) has password and security key configured, user can only login only with security key
Input:
It seems since the LDAP credential is not part of CREDENTIAL table, hence during login process the auth-password-form is not part of authenticationSelectionList
2022-02-15 19:28:17,832 DEBUG [org.hibernate.SQL] (default task-4) select credential0_.ID as ID1_19_, credential0_.CREATED_DATE as CREATED_2_19_, credential0_.CREDENTIAL_DATA as CREDENTI3_19_, credential0_.PRIORITY as PRIORITY4_19_, credential0_.SALT as SALT5_19_, credential0_.SECRET_DATA as SECRET_D6_19_, credential0_.TYPE as TYPE7_19_, credential0_.USER_ID as USER_ID9_19_, credential0_.USER_LABEL as USER_LAB8_19_ from CREDENTIAL credential0_ where credential0_.USER_ID=? order by credential0_.PRIORITY .......... 2022-02-15 19:28:17,833 TRACE [org.hibernate.persister.entity.AbstractEntityPersister] (default task-4) Hydrating entity: [org.keycloak.models.jpa.entities.CredentialEntity#0a1e258c-98ac-4206-8646-ea0f4c105b4d] 2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([CREATED_2_19_] : [BIGINT]) - [1644929178911] 2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([CREDENTI3_19_] : [VARCHAR]) - [{"aaguid":"00000000-0000-0000-0000-000000000000","credentialId":"23pKHMMcu9esjoCUGgWRu5Ljr82AFRFrmSk22SM8Nzo=","counter":0,"credentialPublicKey":"pQECAyYgASFYIHtFV73aUy4QM019IIIjdzNP9COYu0o1XB1AdctwBnQiIlggIuGimeMaeVK7dL4rFVxeVLQRbAXFAbcDjpmWCXRMX8E","attestationStatementFormat":"none"}] 2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([PRIORITY4_19_] : [INTEGER]) - [10] 2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([SALT5_19_] : [VARBINARY]) - [null] 2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([SECRET_D6_19_] : [VARCHAR]) - [{}] 2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([TYPE7_19_] : [VARCHAR]) - [webauthn-passwordless] 2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([USER_ID9_19_] : [VARCHAR]) - [cb602c45-834e-4b2f-83a0-8ace60ba9a27] 2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([USER_LAB8_19_] : [VARCHAR]) - [WebAuthn Authenticator (Default Label)] 2022-02-15 19:28:17,833 TRACE [org.hibernate.loader.Loader] (default task-4) Total objects hydrated: 1 ......... 2022-02-15 19:28:17,833 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-4) Selections when trying execution 'webauthn-authenticator-passwordless' : [ authSelection - webauthn-authenticator-passwordless]