By: Michael Rizzo user 15 Feb 2023 at 8:14 a.m. CST

3 Responses
Expected Behavior: Ability to enroll platform authenticator (Register a Touch-Id) for MFA from within Casa application.

Actual Behavior: Trying to enroll touch id from MacBook Pro always results in the following error "An error occurred: The relying party ID is not a registrable domain suffix of, nor equal to the current domain."

I was able to enroll OTP for this same user, but cannot determine what might be preventing the enrollment of Touch-Id for MFA. Here is what I am seeing in the FIDO2 log. Any suggestions would be helpful. Thanks.

14-02 19:54:47.346 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:83) - Attestation options {"attestation":"direct","displayName":"Michael","authenticatorSelection":{"authenticatorAttachment":"platform","userVerification":"discouraged","requireResidentKey":"false"},"username":"mrizzo"}
14-02 19:54:47.346 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:83) - Attestation options {"attestation":"direct","displayName":"Michael","authenticatorSelection":{"authenticatorAttachment":"platform","userVerification":"discouraged","requireResidentKey":"false"},"username":"mrizzo"}
14-02 19:54:47.347 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:95) - Put attestation direct
14-02 19:54:47.347 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:95) - Put attestation direct
14-02 19:54:47.348 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:244) - params.hasNonNull("authenticatorSelection")
14-02 19:54:47.348 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:244) - params.hasNonNull("authenticatorSelection")
14-02 19:54:47.348 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:100) - Put authenticatorSelection {"authenticatorAttachment":"platform","requireResidentKey":false,"userVerification":"discouraged"}
14-02 19:54:47.348 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:100) - Put authenticatorSelection {"authenticatorAttachment":"platform","requireResidentKey":false,"userVerification":"discouraged"}
14-02 19:54:47.348 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:105) - Put challenge VByiYBlAtUwWrJrwwAQs9AsCas9PIxeq7dACmEwPIbc
14-02 19:54:47.348 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:105) - Put challenge VByiYBlAtUwWrJrwwAQs9AsCas9PIxeq7dACmEwPIbc
14-02 19:54:47.349 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:110) - Put pubKeyCredParams [{"type":"public-key","alg":-257},{"type":"public-key","alg":-7}]
14-02 19:54:47.349 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:110) - Put pubKeyCredParams [{"type":"public-key","alg":-257},{"type":"public-key","alg":-7}]
14-02 19:54:47.350 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:117) - Put rp {"name":"https://MRUBGLUU-01.vortex.imp.eng","id":"MRUBGLUU-01.vortex.imp.eng"}
14-02 19:54:47.350 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:117) - Put rp {"name":"https://MRUBGLUU-01.vortex.imp.eng","id":"MRUBGLUU-01.vortex.imp.eng"}
14-02 19:54:47.353 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:127) - Put user {"id":"v8g3SO3MRo6Pjd-cbKZFvg-hVmUsage7r7O03GUEqrQ","name":"mrizzo","displayName":"Michael"}
14-02 19:54:47.353 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:127) - Put user {"id":"v8g3SO3MRo6Pjd-cbKZFvg-hVmUsage7r7O03GUEqrQ","name":"mrizzo","displayName":"Michael"}
14-02 19:54:47.353 DEBUG [qtp112797691-21] [org.gluu.oxauth.service.common.UserService] (UserService.java:81) - Getting user information from LDAP: userId = mrizzo
14-02 19:54:47.359 DEBUG [qtp112797691-21] [org.gluu.oxauth.service.common.UserService] (UserService.java:96) - Found 1 entries for user id = mrizzo
14-02 19:54:47.363 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:132) - Put excludeCredentials []
14-02 19:54:47.363 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:132) - Put excludeCredentials []
14-02 19:54:47.363 DEBUG [qtp112797691-21] [org.gluu.oxauth.service.common.UserService] (UserService.java:81) - Getting user information from LDAP: userId = mrizzo
14-02 19:54:47.369 DEBUG [qtp112797691-21] [org.gluu.oxauth.service.common.UserService] (UserService.java:96) - Found 1 entries for user id = mrizzo
14-02 19:54:47.375 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:165) - Saved in LDAP
14-02 19:54:47.375 DEBUG [qtp112797691-21] [org.gluu.fido2.service.operation.AttestationService] (AttestationService.java:165) - Saved in LDAP
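
Added example, not part of the original post and not Gluu's code: a simplified form of the "registrable domain suffix of, or equal to" rule that the quoted error refers to, run against the `rp` id from the log above. `checkRpId` and `PUBLIC_SUFFIXES` are hypothetical names, the suffix set is a constructed stand-in for the Public Suffix List, and the page URLs are constructed.

```javascript
// Added example; checkRpId and PUBLIC_SUFFIXES are hypothetical names.
// Constructed stand-in for the Public Suffix List (real checks use the full list).
const PUBLIC_SUFFIXES = new Set(["com", "co.uk", "github.io"]);

// Longest listed suffix wins; an unlisted TLD falls back to its last label.
function publicSuffixOf(host) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(candidate)) return candidate;
  }
  return labels[labels.length - 1];
}

const isIp = (h) => /^\d+(\.\d+){3}$/.test(h) || h.includes(":");

// rpId: the "id" the server puts in "rp"; pageUrl: the URL in the address bar.
function checkRpId(rpId, pageUrl) {
  const host = new URL(pageUrl).hostname;      // URL parsing lowercases the host
  const id = String(rpId || "").toLowerCase(); // compare case-insensitively
  let reason = "ok";
  if (!id) {
    reason = "rp.id is empty";
  } else if (id !== host) {
    if (isIp(id) || isIp(host)) {
      reason = "an IP address only matches itself";
    } else if (!host.endsWith("." + id)) {
      reason = "rp.id is not a suffix of the page host";
    } else if (id === publicSuffixOf(id) || publicSuffixOf(host).endsWith("." + id)) {
      reason = "rp.id is a public suffix";
    }
  }
  // mixedCase is informational: the configured id differs from its lowercase form.
  return { ok: reason === "ok", reason, host, mixedCase: id !== rpId };
}

// rp.id as logged above; the page URLs are constructed for illustration.
const logged = "MRUBGLUU-01.vortex.imp.eng";
console.log(checkRpId(logged, "https://mrubgluu-01.vortex.imp.eng/casa"));
console.log(checkRpId(logged, "https://casa.vortex.imp.eng/"));
console.log(checkRpId(logged, "https://192.0.2.10/casa"));
```

The values to compare on a real install are the `id` in the `Put rp` log line and `location.hostname` of the page where enrollment is attempted.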

By Mohib Zico staff 15 Feb 2023 at 8:47 a.m. CST

Hi, Let us check status locally. We will update you on status. Thanks!

By Mohib Zico staff 06 Mar 2023 at 11:24 p.m. CST

Hi Michael, We just tested Apple TouchID with our test Gluu Server (which is 4.5) and it's working properly: https://youtu.be/5E2ma3J0BZM

By Michael Rizzo user 07 Mar 2023 at 8:56 a.m. CST

Thanks. I will try upgrading from 4.4 to 4.5 and see if my install works.