Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebAuthn registration failure #57

Open
rhawdor opened this issue Sep 25, 2023 · 12 comments · May be fixed by #85
Open

WebAuthn registration failure #57

rhawdor opened this issue Sep 25, 2023 · 12 comments · May be fixed by #85

Comments

@rhawdor
Copy link

rhawdor commented Sep 25, 2023
edited
Loading

Hello !

I recently updated to Keycloak 22 (more precisely 22.0.1, was using version 21 before), and I think I spotted a bug on WebAuthn security key registration.

Caused by: freemarker.core.NonStringOrTemplateOutputException: For "${...}" content: Expected a string or something automatically convertible to string (number, date or boolean), or "template output" , but this has evaluated to a sequence (wrapper: f.t.SimpleSequence):
==> signatureAlgorithms  [in template "webauthn-register.ftl" at line 47, column 31]
----
FTL stack trace ("~" means nesting-related):
 - Failed at: ${signatureAlgorithms}  [in template "webauthn-register.ftl" at line 47, column 29]
----

Could this be related to #20831 or am I missing something ?
@paulwer
Copy link
Contributor

paulwer commented Sep 26, 2023

Hey @rhawdor,
does this error was also present on kc 21.0.1?

@rhawdor
Copy link
Author

rhawdor commented Sep 27, 2023

Hey @paulwer !
To be extremely sure I reproduced it in a clean environment with fresh install from KC and keywind.

  • With 22.0.3 the error happen when you want to register a WebAuthn security key.
  • With 22.0.1 the security key is correctly registered.

So, to answer, no the error was not present on KC 21.0.1.

@paulwer
Copy link
Contributor

paulwer commented Sep 27, 2023

i guess this is due to the following change in keycloak:
keycloak/keycloak@1af4a7a

@lukin should we support the old and the new way for backwards compatibility?

@Clemv95
Copy link

Clemv95 commented Oct 6, 2023

I have this error too and this is annoying :/

@paulwer
Copy link
Contributor

paulwer commented Oct 6, 2023

a workaround for now would be to stay on 21 from my pov, if this is an option😕

@Clemv95
Copy link

Clemv95 commented Oct 6, 2023

it's not really an option :/
How much time do you think it's gonna take ?

@paulwer
Copy link
Contributor

paulwer commented Oct 6, 2023

i dont know.
are you able to debug yourself and PR a fix?
maybe we can start from there or move support to only the actual version?

tipp: look at the official integration mentioned beforw, what they changed...maybe this helps

@Clemv95
Copy link

Clemv95 commented Oct 6, 2023

I can try myself, but i dont think it's gonna be easy and fast, i'm not really familiar with typescript and tailwind

@paulwer
Copy link
Contributor

paulwer commented Oct 7, 2023

from my pov its an issue from mapping internal data by ftl and output it to the script.
ytring changed to array. so the mapping behavior should be edited and not even necessary the typescript script

@Clemv95
Copy link

Clemv95 commented Oct 7, 2023

Where is the mapping behavior ?
Maybe i can try

@paulwer
Copy link
Contributor

paulwer commented Oct 8, 2023
edited
Loading

the line, which is failing according to the error message is: https://github.com/lukin/keywind/blob/master/theme/keywind/login/webauthn-register.ftl#L47C31-L47C50

the variable within keycloak before was: a string separeted by "," and afterwards its a List in java.

Maybe try something like this:

<#if signatureAlgorithms?is_enumerable>${signatureAlgorithms?join(",")}<#else>${signatureAlgorithms}</#if>

(means: if its an array => join it to string, seperated with "," OR if its anything else (probably a string, from versions before) => just display it as string in the html)

and here is the line of official keycloak:
https://github.com/keycloak/keycloak/blob/main/themes/src/main/resources/theme/base/login/webauthn-register.ftl#L42

@scheibling scheibling linked a pull request Mar 2, 2024 that will close this issue
Open
@scheibling
Copy link

scheibling commented Mar 3, 2024
edited
Loading

the line, which is failing according to the error message is: https://github.com/lukin/keywind/blob/master/theme/keywind/login/webauthn-register.ftl#L47C31-L47C50

the variable within keycloak before was: a string separeted by "," and afterwards its a List in java.

Maybe try something like this:

<#if signatureAlgorithms?is_enumerable>${signatureAlgorithms?join(",")}<#else>${signatureAlgorithms}</#if>

(means: if its an array => join it to string, seperated with "," OR if its anything else (probably a string, from versions before) => just display it as string in the html)

and here is the line of official keycloak: https://github.com/keycloak/keycloak/blob/main/themes/src/main/resources/theme/base/login/webauthn-register.ftl#L42

@paulwer Cheers man, this solved it for me. I've opened up a pull request with that line replaced

@scheibling scheibling mentioned this issue Mar 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix WebAuthN Issue scheibling/keywind
4 participants
@scheibling @Clemv95 @rhawdor @paulwer