Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-1915

"Try another way” missing from passwordless flow for LDAP user

XMLWordPrintable

    • False
    • None
    • False
    • -
    • Hide
      • Integrate RH-SSO with LDAP user federation
      • Configure passwordless flow same as "password-less browser login flow" as per documentation
      • Register "Security Key" for passwordless login for ldap user
      • Login through the same ldap user
      • During login the user does not get the handle for "Try another way”, instead only "Sign in with Security Key" is available
      Show
      Integrate RH-SSO with LDAP user federation Configure passwordless flow same as "password-less browser login flow" as per documentation Register "Security Key" for passwordless login for ldap user Login through the same ldap user During login the user does not get the handle for "Try another way”, instead only "Sign in with Security Key" is available

      Issue :  Option of  "Try another way" is not available for LDAP user when configuring Webauthn Passwordless Authenticator

       

      Created passwordless flow similar to steps provided in documentation.

      ~~~~

      If the user selects the Try another way link with WebAuthn passwordless authentication, the user can choose between Password and Security Key (WebAuthn passwordless). 

      ~~~~

      • "Try another way" comes up for local RH-SSO user
      • But when the user is created through LDAP user federation, "Try another way" does not comes up.
      • If user(Ldap user) has password and security key configured, user can only login only with security key

       

      Input:

      It seems since the LDAP credential is not part of CREDENTIAL table, hence during login process the auth-password-form is not part of authenticationSelectionList

      2022-02-15 19:28:17,832 DEBUG [org.hibernate.SQL] (default task-4)
          select
              credential0_.ID as ID1_19_,
              credential0_.CREATED_DATE as CREATED_2_19_,
              credential0_.CREDENTIAL_DATA as CREDENTI3_19_,
              credential0_.PRIORITY as PRIORITY4_19_,
              credential0_.SALT as SALT5_19_,
              credential0_.SECRET_DATA as SECRET_D6_19_,
              credential0_.TYPE as TYPE7_19_,
              credential0_.USER_ID as USER_ID9_19_,
              credential0_.USER_LABEL as USER_LAB8_19_
          from
              CREDENTIAL credential0_
          where
              credential0_.USER_ID=?
          order by
              credential0_.PRIORITY
      
      .......... 
      
      2022-02-15 19:28:17,833 TRACE [org.hibernate.persister.entity.AbstractEntityPersister] (default task-4) Hydrating entity: [org.keycloak.models.jpa.entities.CredentialEntity#0a1e258c-98ac-4206-8646-ea0f4c105b4d]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([CREATED_2_19_] : [BIGINT]) - [1644929178911]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([CREDENTI3_19_] : [VARCHAR]) - [{"aaguid":"00000000-0000-0000-0000-000000000000","credentialId":"23pKHMMcu9esjoCUGgWRu5Ljr82AFRFrmSk22SM8Nzo=","counter":0,"credentialPublicKey":"pQECAyYgASFYIHtFV73aUy4QM019IIIjdzNP9COYu0o1XB1AdctwBnQiIlggIuGimeMaeVK7dL4rFVxeVLQRbAXFAbcDjpmWCXRMX8E","attestationStatementFormat":"none"}]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([PRIORITY4_19_] : [INTEGER]) - [10]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([SALT5_19_] : [VARBINARY]) - [null]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([SECRET_D6_19_] : [VARCHAR]) - [{}]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([TYPE7_19_] : [VARCHAR]) - [webauthn-passwordless]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([USER_ID9_19_] : [VARCHAR]) - [cb602c45-834e-4b2f-83a0-8ace60ba9a27]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.type.descriptor.sql.BasicExtractor] (default task-4) extracted value ([USER_LAB8_19_] : [VARCHAR]) - [WebAuthn Authenticator (Default Label)]
      2022-02-15 19:28:17,833 TRACE [org.hibernate.loader.Loader] (default task-4) Total objects hydrated: 1
      
      .........
      
      2022-02-15 19:28:17,833 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-4) Selections when trying execution 'webauthn-authenticator-passwordless' : [ authSelection - webauthn-authenticator-passwordless]
      

       

       

            Unassigned Unassigned
            rhn-support-rissingh Rishabh Singh
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: