FABIO LEONARDO DA SILVA BRASIL

We encountered the following questions regarding the solution's certification. What are the procedures for obtaining FIDO server certification? (Validate if these steps are sufficient to achieve certification) a. The first step is essentially automated by the FIDO Alliance. We need to register initially in the tool to download the environment evaluation toolkit. b. The second step involves scheduling by the FIDO Alliance after submitting the report. This is the phase we need to be mindful of, as...

Context Confirmation Yes, that's correct. We are using an Android application for the registration and authentication process instead of a desktop with a browser. Environment Details a) Android version: We are dealing with multiple versions of Android since our end users use a variety of devices. b) Target API level: We are using the native Android API along with support for YubiKey. c) Mobile device and test model: As previously mentioned, we do not have full visibility of the devices being used,...

Dear Arshad Noor, Good afternoon, Currently, we have "overcome" the issue of different origins. The main topic now is that, if the origin is not HTTPS, the device REGISTER fails due to validation of the "origin" field, which requires it to start with HTTPS. This occurs even when the value is a valid APK identifier (android:apk-key-hash:<cert_hash>), resulting in an error due to this validation. However, in the AUTHENTICATE process, the scenario changes — this validation does not exist, and APK origins...

Dear Arshad Noor, Good afternoon! Thank you very much for your assistance. To make everything clearer and avoid any doubts for the team, could you kindly provide an example of the configuration? Best regards, Fábio Brasil

Arshad Noor, good afternoon! Below is the relevant log snippet concerning preauthenticate: css Copy code [2024-11-08T18:10:14.491+0000] [Payara 6.2024.4] [INFO] [AS-EJB-00054] [jakarta.enterprise.ejb.container] [tid: _ThreadID=104 _ThreadName=admin-thread-pool::admin-listener(1)] [timeMillis: 1731089414491] [levelValue: 800] [[ Portable JNDI names for EJB generateFido2PreauthenticateChallenge: [java:global/fidoserver/com.strongkey-fidoserverbeans-4.13.0/generateFido2PreauthenticateChallenge, java:global/fidoserver/com.strongkey-fidoserverbeans-4.13.0/generateFido2PreauthenticateChallenge!com.strongkey.skfs.policybeans.generateFido2PreauthenticateChallengeLocal]...

Arshad Noor, good afternoon! Below is the relevant log snippet concerning preauthenticate: css Copy code [2024-11-08T18:10:14.491+0000] [Payara 6.2024.4] [INFO] [AS-EJB-00054] [jakarta.enterprise.ejb.container] [tid: _ThreadID=104 _ThreadName=admin-thread-pool::admin-listener(1)] [timeMillis: 1731089414491] [levelValue: 800] [[ Portable JNDI names for EJB generateFido2PreauthenticateChallenge: [java:global/fidoserver/com.strongkey-fidoserverbeans-4.13.0/generateFido2PreauthenticateChallenge, java:global/fidoserver/com.strongkey-fidoserverbeans-4.13.0/generateFido2PreauthenticateChallenge!com.strongkey.skfs.policybeans.generateFido2PreauthenticateChallengeLocal]...

Arshad Noor, good afternoon! Below is the relevant log snippet concerning preauthentication: css Copy code [2024-11-08T18:10:14.491+0000] [Payara 6.2024.4] [INFO] [AS-EJB-00054] [jakarta.enterprise.ejb.container] [tid: _ThreadID=104 _ThreadName=admin-thread-pool::admin-listener(1)] [timeMillis: 1731089414491] [levelValue: 800] [[ Portable JNDI names for EJB generateFido2PreauthenticateChallenge: [java:global/fidoserver/com.strongkey-fidoserverbeans-4.13.0/generateFido2PreauthenticateChallenge, java:global/fidoserver/com.strongkey-fidoserverbeans-4.13.0/generateFido2PreauthenticateChallenge!com.strongkey.skfs.policybeans.generateFido2PreauthenticateChallengeLocal]...

Problem Description: During the execution of an application on the Payara Server (version 6.2024.4), a critical error (SEVERE) was logged. The error occurs in the SKFSIllegalArgumentException class, indicating that the origin of an HTTP request was deemed invalid. Error Message: SKFSIllegalArgumentException: Invalid Origin: https://app.test.com.br != https://test.com.br Current Configuration: The origin policy settings are configured as follows: json Copy code "crossOrigin": { "enabled": false, "allowedOrigins":...