Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    GeorgePals
    @GeorgePals
    Hello! I'd like to ask for some help. I am trying to run your UAF implementation. I already have the server up and running, but I can't get the client to work. I would also like to mention that I have a self-signed SSL certificate for my Tomcat server (so, because it is self-signed, it isn't considered as a valid certificate). The error message that I get, it says that the app can't communicate with the server (Something that I have checked with Wireshark and I have found out that there is some sort of communication). Am I missing something? Without the SSL, I don't have that kind of problem (I, basically, have others). Here is a picture with the problem: https://www.dropbox.com/s/rroosm1s7dce9gq/Screenshot_1.png?dl=0 Thanks in advance! Any help will be much appreciated.
    Neb
    @npesic
    @GeorgePals Hi George. I would suggest that you try to make it working first by turning off the SSL in your Tomcat, and ensure that everything works over HTTP. Then you can tackle the SSL setup issues.
    GeorgePals
    @GeorgePals
    Thank you for your answer @npesic. I tried to reinstall everything, but this time without using SSL. Now, I get the "Payload can not be null" error, like @mam91. I tried to put the "facet ID" into the server's trusted facet list using this link: /fidouaf/v1/whitelistfacetid/"facetID", but I couldn't get it to work. Do I use this facet ID that I have marked you in this picture (right picture: "bEOf1W..."): https://www.dropbox.com/s/b6ja9vvpfvv2f1i/fbergverergeregr.png?dl=0 ? Do I have to change anything else? I really am out of ideas. I do not know what else to try.
    Thanks!
    Neb
    @npesic
    @GeorgePals One good tactic in checking the server setup is to try to test server responses using the curl or postman. This way you will eliminate other setup issues, like networking.
    You can also test against the eBay server hosted here: https://openidconnect.ebay.com/
    GeorgePals
    @GeorgePals
    I have tried to use the eBay server many times, but this is what I always get: https://www.dropbox.com/s/m0upb9kfkzudahu/ewfwefwefwefwefwefwefwefew.png. Do you think that the problem is caused by the android app? I will check with curl/postman and I'll be back. Thank you for your help @npesic. I really appreciate it.
    Mohammed ALSADI
    @Moh_SADI16_twitter
    Hi @npesic , I am new to UAF, and I have a question. I have run both fido-uaf-core and fido-uaf in eclipse, and test them using <local IP : 8787 >/fidouaf/v1/public/regRequest/GreatUser and it works fine. Then I import uaf-client in android studio and run it in both emulator and real device. After modifying setting and set server end point to my local ip address, when I enter a username (test1) and press Reg button, I get the following message [ Unable to complete local authentication, please setup android device authentication ( PIN, FINGERPRINT, .. ) ]. Any help.
    Neb
    @npesic
    @Moh_SADI16_twitter Hi Mohammed. What you are describing seems to be the networking issue. Keep in mind that using the IP addresses can be very tricky, because real device will probably not be able to see it. Even emulator might have issues accessing the local IP address. You should consider hosting your server so that is accessible from outside network. One good way to achieve that might be https://www.openshift.com/
    If you want to continue using the local network and ip addresses, I would recommend researching more networking topics.
    Also, @Moh_SADI16_twitter have you tried using https://openidconnect.ebay.com/
    Basic thing to verify is that your device or emulator has network access. You can check that by going into a local browser.
    Mohammed ALSADI
    @Moh_SADI16_twitter
    @npesic , thanks for your response. Actually I have tested some links such GreatUser using my local IP address from both emulator and real device since they are all connected to the same WIFI, and I have accessed them correctly.
    I gonna look at some networking issues that could be the reason for such situation.
    Phuong
    @silverstar235
    Hi all, i have tested Ebay Android app with my UAF server(FIDO UAF certified server) and FIDO conformance tool, I met this error from conformance tool: "E/UAFClientAPI: Malformed response: mandatory field IEN_COMPONENT_NAME is missing". Who know this problem and how to fix RP App? What happened with the communication from RP app with conformance tool? Thank you very much!!! :smile:
    ashishguru1986
    @ashishguru1986
    Hi @npesic I am working on FIDO UAF on iOS side. So UAF client is stacked within the application. My query is about ASM on iOS side. How to write ASM layer on iOS side and get authenticators info. I am using the bound authenticator (touch id). So if in the case of bound authenticator do we really need the ASM api layer to communicate with authenticator or else keychain apis are ASM apis in case of iOS.
    Neb
    @npesic
    @ashishguru1986 Hi, and welcome!
    In general ASM is lower level API as presented in version 1.X of the spec
    On top of it is client API
    Depending on your goal you can decide to provide the ASM API or to do only client API.
    Can I ask you what is your vision, why are you trying to build it?
    ashishguru1986
    @ashishguru1986
    Hi @npesic I am developing an ios app which can act as an auhenticator like pingID for one or more RP.
    ashishguru1986
    @ashishguru1986
    @npesic There will only one authenticator (finger print) in case of my implementation. So app will act as an authenticator for one or more fido enabled RPs. So in my implementation UAF client stack is directly talking to keychain/secure enclave to get keys and sign data. I am not getting enough clarity on ASM part , how to discover ASM and authenticators in iOS.
    jys923
    @jys923

    Hi I am working on FIDO UAF on android side

    I have question.How to communication FIDO ASM and Authenticator Specifically.

    Android RP Client <-> FIDO Client <-> FIDO ASM <-> Authenticator

    -RP Client
    new Intent("org.fidoalliance.intent.FIDO_OPERATION");
    i.setType("application/fido.uaf_client+json");

    -FIDO Client
    i = new Intent("org.fidoalliance.intent.FIDO_OPERATION");
    i.setType("application/fido.uaf_asm+json");

    -FIDO ASM
    I have question.How to communication FIDO ASM and Authenticator Specifically
    Do you have Recommend method.

    -Authenticator

    sumit chakraborty
    @sumitpal0_twitter
    Hi Everyone,
    I am trying to build FidoClient on Android.
    I am referring to ebay code. In my case I need to put user authentication i.e fingerprint or password in my app itself rather than using system password and also I have seen that there are some pre defined Assert keys.
    I need to know how that works could i change that or it would be same.
    public static String base64DERCert = "MIIB-TCCAZ-gAwIBAgIEVTFM0zAJBgcqhkjOPQQBMIGEMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCFNhbiBKb3NlMRMwEQYDVQQKDAplQmF5LCBJbmMuMQwwCgYDVQQLDANUTlMxEjAQBgNVBAMMCWVCYXksIEluYzEeMBwGCSqGSIb3DQEJARYPbnBlc2ljQGViYXkuY29tMB4XDTE1MDQxNzE4MTEzMVoXDTE1MDQyNzE4MTEzMVowgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxEzARBgNVBAoMCmVCYXksIEluYy4xDDAKBgNVBAsMA1ROUzESMBAGA1UEAwwJZUJheSwgSW5jMR4wHAYJKoZIhvcNAQkBFg9ucGVzaWNAZWJheS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ8hw5lHTUXvZ3SzY9argbOOBD2pn5zAM4mbShwQyCL5bRskTL3HVPWPQxqYVM-3pJtJILYqOWsIMd5Rb_h8D-EMAkGByqGSM49BAEDSQAwRgIhAIpkop_L3fOtm79Q2lKrKxea-KcvA1g6qkzaj42VD2hgAiEArtPpTEADIWz2yrl5XGfJVcfcFmvpMAuMKvuE1J73jp4";
    public static String pubCert = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPIcOZR01F72d0s2PWq4GzjgQ9qZ-cwDOJm0ocEMgi-W0bJEy9x1T1j0MamFTPt6SbSSC2KjlrCDHeUW_4fA_hA";
    public static String priv = "MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgezOOy1TykYoCiwOdJkKCfScV3-lN1v_E9keawMikuFygCgYIKoZIzj0DAQehRANCAAQ8hw5lHTUXvZ3SzY9argbOOBD2pn5zAM4mbShwQyCL5bRskTL3HVPWPQxqYVM-3pJtJILYqOWsIMd5Rb_h8D-E";
    sumit chakraborty
    @sumitpal0_twitter

    getting this error in Registration Response
    Passed:

    Testcase Reg-Req/Auth-Req (OK): All fields in the Registration/Authentication response follow the spec
    Testcase Reg/Auth-Resp-4-P-2 (OK): Challenge value matches between the Request and Response
    Testcase Reg-Resp-5-P-5 (OK): Assertion scheme matches UAFV1TLV
    Testcase Reg-Resp-5-P-2 (OK): 'assertion' string length is correctly less than 4096
    Testcase Reg-Resp-P-I (OK): TLV parsed successfully
    Testcase Reg-Resp-7-P-9 (OK): Metadata corresponding to the AAID "EBA0#0001" loaded
    Testcase Reg-Resp-P-I (OK): AttestationMode Mode is set to 15879
    Testcase Reg-Resp-7-P-16 (OK): Certificate Chain validation succeeded
    Testcase Reg-Resp-7-P-15 (OK): Computed hash of the FinalChallenge and what is in the assertion match
    Testcase Reg-Resp-7-P-16 (OK): Attestation is Basic and the rootCert is found, which is right
    Failed:

    Testcase Reg/Auth-Resp-7-F-29:RegistrationResponse - signature verification failed

    Internal Ref #: sJDaCd8ijUBa7gSX8YWh56

    Michael Queralt
    @caumike
    Any suggestions for a FIDO UAF client that can be used to test an authenticator ?
    Emerson Mello
    @emersonmello

    Hi @sumitpal0_twitter ,

    In my case I need to put user authentication i.e fingerprint or password in my app itself rather than using system password and also I have seen that there are some pre defined Assert keys. I need to know how that works could i change that or it would be same.

    What do you meaning with “I need to put user authentication in my app itself rather than using system password”? Do you want to develop a FIDO ASM?

    @caumike , a shameless promotion: You can try that one: https://github.com/emersonmello/dummyuafclient, that is based on @npesic fantastic work. But, I didn't any test with a real FIDO Authenticator. Actually, I did a try with Samsung S6, but without success. You need to use Samsung' SDK if you want to use S6 embedded FIDO stack (I guess).
    jiyounlee215
    @jiyounlee215
    Hello. I'm university student from korea. I'm trying to make an application using fido uaf. But when i tried [https://github.com/eBay/UAF/wiki/BuildingAndRunningUAFServerUsingMaven(CLIonly)] to make fido server, i had problem with "Sanity tests using CLI commands" section. When I typed '$ curl -s http://localhost:8080/fidouaf/v1/history | python -m json.tool', it said "No JSON object could be decoded." Is there someone who can help me....?
    Neb
    @npesic
    Hi @jiyounlee215, and welcome. I would suggest to retrace all your steps, and make sure that the fidouaf web app is deployed in your local Tomcat server. Also, one quick check would be to try the URL in your browser: http://localhost:8080/fidouaf/v1/history
    jiyounlee215
    @jiyounlee215
    Thanks, Neb! I'll try again! Actually, i'm doing this using Ubuntu. When i tried the first one, [java-sdk] I got the answer about "java -version". But i didn't get the answer about "$ /usr/libexec/java_home -V". Do you think that might be some problem?
    Phuong
    @silverstar235
    Hi, i see a problem that when the user register account with FIDO UAF, our client will generated a new keypair, and then if the user register another account with new keypair generating, the older account can not be verified because the previous keypair is lost. How can we save them for multi account?
    jiyounlee215
    @jiyounlee215

    Hi, i work with Galuxy S6. And after i did the "Consent" part, my page didn't go the the "authenticate, transaction, and dereg" page. Do you know why this happend?

    And more.

    Do I not have to register fingerprints in this application?
    I thought I had to register fingerprints separately in this application. However, when I actually implemented the application, this uses the fingerprints registered in the configuration of the mobile phone itself.

    Thank you

    diedel
    @diedel
    Hello there
    Maybe this was asked before, but which ebay/UAF open source modules I should modify/analyze to integrate my local authenticator?
    This local authenticator is an already implemented Android APP
    MuhammadRashid
    @MuhammadRashid
    @npesic Currently i have a task to develop SDK for Android ,with the help of https://github.com/eBay/UAF. I have gone through FIDO docs as well as UAFClient stuff in details.
    Here i have a query regarding Authenticator Specific Module (ASM). As i understand, flow is somethings as;
    UAF Server <—> RP App <—> FIDO UAF Client <—> FIDO UAF ASM <—> FIDO UAF Authenticator <—> Finger Print Dialog etc
    I found ASM related stuff in eBay sample app but app does’t use this code. Can you please guide me, should i need to use ASM component in my SDK or not?
    Dimitrisgouz
    @Dimitrisgouz
    Hello there, i have build and run a UAF server using Eclipse but i can't build the client .. any ideas ?
    Emerson Mello
    @emersonmello
    @Dimitrisgouz are you using Android Studio, aren't? cheers
    Rashmi D
    @rashmidixit
    I am keen to setup this free UAF server for a prototype project that I am working on. I don't see many conversations/activity on this - just wanted to ask if eBay/UAF is still active?
    Anu Premarathne
    @anuAutum
    @npesic I am a newbie to FIDO protocol . I am trying to implement FIDO protocol rules in my Android App but I have no clue how to get started. Please advise me how to proceeds. Thanks
    Anu Premarathne
    @anuAutum
    What FIDO UAF specs should developers study and use if they're looking to integrate a FIDO UAF Certified Client / Authenticator Combo into their Android/iOS App?
    _fantasticDev_
    @SnakeGeneral
    @anuAutum
    hello sir
    how are you?
    FT-DaWaDes
    @FT-DaWaDes
    Hi, I try to get O-Auth token and get response [11.10.19 13:49:57.120] [01EBAY_APP1_Auth] Response payload is (HTTP 400) : '{"error":"invalid_scope","error_description":"The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client"}'
    _fantasticDev_
    @SnakeGeneral
    @anuAutum
    hello
    Mert Albayraktaroglu
    @albayraktaroglu
    @FT-DaWaDes i am getting the same error i can obtain token with "https://api.ebay.com/oauth/api_scope" but when i added "https://api.ebay.com/oauth/api_scope/sell.inventory.readonly", "https://api.ebay.com/oauth/api_scope/sell.inventor" it doesn't work. does anyonw knows how to solve this ?