Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passkey mapping doesn't contain userID when --cred-type='discoverable' #7165

Closed
menonsudhir opened this issue Feb 5, 2024 · 1 comment · Fixed by SSSD/sssd.io#80
Closed

Passkey mapping doesn't contain userID when --cred-type='discoverable' #7165

menonsudhir opened this issue Feb 5, 2024 · 1 comment · Fixed by SSSD/sssd.io#80
Assignees
@ikerexxe
Labels
passkey Issues and PRs related to 'passkey' feature

Comments

@menonsudhir
Copy link

menonsudhir commented Feb 5, 2024
edited
Loading

When passkey is added for IPA user using the option --cred-type='discoverable' it is missing the userId as mentioned in the https://sssd.io/design-pages/passkey_authentication.html

The format for server-side credentials for the key mapping is passkey:credentialId,pemPublicKey.
The format for [discoverable credentials] for the key mapping is passkey:credentialId,pemPublicKey,userId.

[root@client1 ~]# ipa user-add-passkey --cred-type='server-side' --register
User login: user101
Enter PIN:
Please touch the device.

Added passkey mappings to user "user101"

User login: user101
Passkey mapping: passkey:T6+Dar+40lcM8yKovV/rpR9JrBmUsQl+eawqmRsNvIDUWCblyYg8jx0Bh7Fm3Kw4J+ogR7+Vhxofm9skfrqZaQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFi+Kc326oaJaN9pG1jnc7SFd9UaBJcH4eHCYIaXwhownxBYqebiGq6aeS+0Zouut1ffUGORjt0TnRjHPgpSotA==

[root@client1 ~]# ipa user-add-passkey --cred-type='discoverable' --register
User login: user101
Enter PIN:
Please touch the device.

Added passkey mappings to user "user101"

User login: user101
Passkey mapping: passkey:T6+Dar+40lcM8yKovV/rpR9JrBmUsQl+eawqmRsNvIDUWCblyYg8jx0Bh7Fm3Kw4J+ogR7+Vhxofm9skfrqZaQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFi+Kc326oaJaN9pG1jnc7SFd9UaBJcH4eHCYIaXwhownxBYqebiGq6aeS+0Zouut1ffUGORjt0TnRjHPgpSotA==,
passkey:7wRwVRmGHnsAIOBHi04yheNHr96tFIuRU4p5MGkuaKS6Na9v6UFROjilcKbFVfpl,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7wRwVRmGHnsAIOBHi1LSPzYroyZIfZ33ryXhbLLKs0+sV9EAoQEZV/P+4sgw90VNcYtAr21PqlbdJltpK4QTbg==
@alexey-tikhonov alexey-tikhonov added the passkey Issues and PRs related to 'passkey' feature label Feb 5, 2024
ikerexxe added a commit to ikerexxe/sssd.io that referenced this issue Feb 6, 2024
@ikerexxe
Design pages: fix userId in passkey
f0c0ac5 
userId is a private attribute and it shouldn't be stored in a public
LDAP attribute. Thus, it was decided to stop printing it and storing it
in LDAP, but I forgot to update the design. This commit fixes this
issue.

Resolves: SSSD/sssd#7165

Signed-off-by: Iker Pedrosa <[email protected]>
@ikerexxe ikerexxe mentioned this issue Feb 6, 2024
Merged
@ikerexxe
Copy link
Contributor

ikerexxe commented Feb 6, 2024

Ops. We decided to stop printing and storing the userId in the LDAP server because it's private and it would be stored in a public attribute. I opened SSSD/sssd.io#80 to fix this issue in the design page. Please take a look at it.

ikerexxe added a commit to SSSD/sssd.io that referenced this issue Feb 12, 2024
@ikerexxe
Design pages: fix userId in passkey
8b310f3 
userId is a private attribute and it shouldn't be stored in a public
LDAP attribute. Thus, it was decided to stop printing it and storing it
in LDAP, but I forgot to update the design. This commit fixes this
issue.

Resolves: SSSD/sssd#7165

Signed-off-by: Iker Pedrosa <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ikerexxe ikerexxe

Labels
passkey Issues and PRs related to 'passkey' feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Design pages: fix userId in passkey ikerexxe/sssd.io
3 participants
@ikerexxe @menonsudhir @alexey-tikhonov