Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-92653 As an Instance Administrator, I want to configure a FIDO2 based hardware key verifier
  3. LPS-123743

[BUG] If FIDO2 verifier fails, it blocks the user to authenticate himself with other verifiers in the flow

    Details

    • Branch Version/s:
      7.3.x
    • Backported to Branch:
      Committed
    • Fix Priority:
      3
    • Sprint:
      Iteration 45, Iteration 46, Iteration 47, Iteration 48, Iteration 49, Iteration 50, AppSec Iteration 51, AppSec Iteration 52, AppSec Iteration 53, AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56
    • Test Type:

      Description

      Summary
      When I enabled multiple MFA verifier, EOTP, TOTP and FIDO2 and the user fails at login with FIDO2 verifier, then even if I enter other verifier data correctly, I cannot enter the site.

      Repro

      1. Enable MFA verifiers, EmailOTP, TimeBased OTP and FIDO2
      2. Set FIDO2's allowed origin to something special "HTTP://not.existing.com"
      3. Go to Portal and press Sign in
      4. Enter your email and password
      5. Authenticate yourself with FIDO2. Note that FIDO2 will fail due the different origin.
      6. Switch to a different verifier at the Login page, eg Email based
      7. Send out the email
      8. Enter the valid code from email and submit the form

      Video of the repro
      Watch repro video

      Expectation
      User might be able to login with fallback to other verifiers?

      Actual result
      User cannot login, using fallback verifiers in a single flow.

      Reproduced on
      master
      SHA: a13ddd1546319ec52ea5228accd463f4c407694c
      Updated on: Tue Nov 17 13:37:30 2020 -0800

        Attachments

          Activity

            People

            Assignee:
            marta.medio Marta Medio (Inactive)
            Reporter:
            gabor.lovas Gábor Lovas
            Recent user:
            Enterprise Release HU
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                7.3.6 CE GA7
                7.3.X
                Master