Unable to register Authentificator

  • Hi,

    When trying to register a authentificator for a new user, the registration fails with an error message, however in the table above the “register new authenticator”, the new entry shows up.

    Following log message:

    [2023-09-13 19:47:03][d6523a] ajax_create: Start
[2023-09-13 19:47:03][d6523a] ajax_create: name => "Test", type => "none", usernameless => "false"
[2023-09-13 19:47:03][d6523a] ajax_create: user => "admin"
[2023-09-13 19:47:03][d6523a] ajax_create: excludeCredentials => []
[2023-09-13 19:47:03][d6523a] ajax_create: user_verification => "false"
[2023-09-13 19:47:03][d6523a] ajax_create: Challenge sent
[2023-09-13 19:47:11][293ff0] ajax_create_response: Client response received
[2023-09-13 19:47:11][293ff0] ajax_create_response: name => "Test", type => "none", usernameless => "false"
[2023-09-13 19:47:11][293ff0] ajax_create_response: data => {"id":"(removed)","type":"public-key","rawId":"(removed)","response":{"clientDataJSON":"(removed)","attestationObject":"(removed)"}}
[2023-09-13 19:47:11][293ff0] ajax_create_response: Credential ID unique check passed
[2023-09-13 19:47:11][293ff0] ajax_create_response: Challenge verified
[2023-09-13 19:47:11][293ff0] ajax_create_response: Authenticator added

    (All key data removed, available on request.)

    Verification fails as well, but the log does not show any error:

    [2023-09-13 19:52:31][15e05d] ajax_auth: Start
[2023-09-13 19:52:31][15e05d] ajax_auth: type => "test", user => "admin", usernameless => "false"
[2023-09-13 19:52:31][15e05d] ajax_auth: allowedCredentials => [{"type":"public-key","id":"(removed)"}]
[2023-09-13 19:52:31][15e05d] ajax_auth: user_verification => "false"
[2023-09-13 19:52:31][15e05d] ajax_auth: Challenge sent
[2023-09-13 19:52:35][707bfd] ajax_auth_response: Client response received
[2023-09-13 19:52:35][707bfd] ajax_auth_response: type => "test", user => "admin"
[2023-09-13 19:52:35][707bfd] ajax_auth_response: data => {"id":"(removed)","type":"public-key","rawId":"(removed)","response":{"authenticatorData":"(removed)","clientDataJSON":"(removed)","signature":"(removed)","userHandle":null}}
[2023-09-13 19:52:35][707bfd] ajax_auth_response: Challenge verified

    Login seems to fail as well (showing a corresponding message), but when opening the Dashboard, the user is obviously authenticated and all functions can be accessed.

    What am I doing wrong?

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Axton

    (@axton)

    Hi olli23,

    The logs look fine. Have you enabled PHP warning output? For back-end, WP-WebAuthn sends messages in certain format to front-end. The front-end will show errors if messages sent by back-end cannot be parsed. If your PHP is producing warnings and warning output is enabled, it will happen.

    Thread Starter olli23

    (@olli23)

    Hi Axton,

    thanks for your reply, within the server backend, I enabled PHP error display, but there’s not error message displayed in conjunction with WebAuth (I actually had an option double-defined in wp-config.php – but that had nothing to do with authentication).

    I deactivated some other plugins as well, but that didn’t help.

    Any more suggestions?

    Plugin Author Axton

    (@axton)

    There’s must something disturbing the output. Can you check server responses directly using the browser dev tool?

    Thread Starter olli23

    (@olli23)

    Sorry for the delay. I checked the server responses, but nothing strange to find…

    The only weird thing I found is the referrer of the GET request after logging in and showing the “authentication failed” message:

    GET /wp-admin/admin-ajax.php?action=wwa_auth_start&user=olli&type=auth HTTP/2.0" 200 723 "https://www.xxxxxxx.de/wp-login.php?loggedout=true&wp_lang=de_DE" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/118.0

    Why is ‘loggedout’ set to true?

    And again: after this “unsuccessful login”, I am definetly loggin in as I can access the WP Dashboard just by opening the “…/wp-admin” URL.

    How can I debug further?

    Thanks for your help,
    Olli

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Unable to register Authentificator’ is closed to new replies.