Getting "Attestation signature does not match" error when trying to setup a Yubikey4

🍱 Features & apps twofactor_u2f
1

Hi,

when trying to setup my Yubikey4 as a U2F device, I am getting this error in the nextcloud.log:

{“reqId”:“WPHlEDOUpRk0Wr09yas0UgAAAAk”,“remoteAddr”:“10.100.1.21”,“app”:“index”,“message”:“Exception: {“Exception”:“u2flib_server\\Error”,“Message”:“Attestation signature does not match”,“Code”:5,“Trace”:”#0 \/var\/www\/html\/nextcloud\/apps\/twofactor_u2f\/lib\/Service\/U2FManager.php(112): u2flib_server\\U2F->doRegister(Object(stdClass), Object(stdClass))\n#1 \/var\/www\/html\/nextcloud\/apps\/twofactor_u2f\/lib\/Controller\/SettingsController.php(76): OCA\\TwoFactorU2F\\Service\\U2FManager->finishRegistration(Object(OC\\User\\User), ‘BQR-ZLS1Rge85IB…’, ‘eyAiY2hhbGxlbmd…’)\n#2 [internal function]: OCA\\TwoFactorU2F\\Controller\\SettingsController->finishRegister(‘BQR-ZLS1Rge85IB…’, ‘eyAiY2hhbGxlbmd…’)\n#3 \/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(160): call_user_func_array(Array, Array)\n#4 \/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(90): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OCA\\TwoFactorU2F\\Controller\\SettingsController), ‘finishRegister’)\n#5 \/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/App.php(114): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OCA\\TwoFactorU2F\\Controller\\SettingsController), ‘finishRegister’)\n#6 \/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(47): OC\\AppFramework\\App::main(‘OCA\\\\TwoFactorU2…’, ‘finishRegister’, Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#7 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#8 \/var\/www\/html\/nextcloud\/lib\/private\/Route\/Router.php(299): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#9 \/var\/www\/html\/nextcloud\/lib\/base.php(1010): OC\\Route\\Router->match(’\/apps\/twofactor…’)\n#10 \/var\/www\/html\/nextcloud\/index.php(40): OC::handleRequest()\n#11 {main}",“File”:"\/var\/www\/html\/nextcloud\/apps\/twofactor_u2f\/vendor\/yubico\/u2flib-server\/src\/u2flib_server\/U2F.php",“Line”:211}",“level”:3,“time”:“2017-04-15T09:17:06+00:00”,“method”:“POST”,“url”:"/index.php/apps/twofactor_u2f/settings/finishregister",“user”:“budy”,“version”:“11.0.2.7”}

What could cause this?

Cheers,
budy

2

Could it be that this happens, since the nc server is behind a reverse proxy?

Thanks,
budy

3

I removed the reverse proxy from the setup, but I setting up U2F is still failling. When trying in Chrome, I immediately get an error 2, even before pressing the Yubikey’s button.

/budy

4

Shoot… colleagues installed a haproxy on the Nextcloud host… so, Apache isn’t doing any https. No wonder, that the U2F registration fails. I am pretty sure, that this is the case and I will remove haproxy from the setup as well… and check-in again.

/budy

5

…works! :slight_smile: