[GH-ISSUE #641] Unable to register FIDO U2F #435

New issue

Closed

opened 2026-03-03 01:29:06 +03:00 by kerem · 2 comments

kerem commented 2026-03-03 01:29:06 +03:00

Owner

Copy link

Originally created by @targodan on GitHub (Oct 2, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/641

I can't register my YubiKey for FIDO U2F. When I click the Read Key button in the vault UI it says There was a problem reading the security key. Try again. (Firefox 69.0.1 64-bit on Windows 10) I have used the very same YubiKey successfully with this Firefox version on other websites before.

Here's what the JS-Console says:

listening for key...                   two-factor-u2f.component.ts:126:16
error: 2                               two-factor-u2f.component.ts:138:28

I'm running the docker image in swarm mode bitwardenrs/server:alpine (healthchecks disabled, see #618), behind a caddy proxy. Here's my caddy file for bitwarden:

[REDACTED_URL].de {
    header / {
        Strict-Transport-Security "max-age=31536000;"
        X-XSS-Protection "1; mode=block"
        X-Frame-Options "DENY"
    }

    proxy /notifications/hub bitwarden.web:3012 {
        websocket
    }
    proxy /notifications/hub/negotiate bitwarden.web:8080 {
        transparent
    }
    proxy / bitwarden.web:8080 {
        transparent
    }
}

I am accessing the vault via HTTPS with a valid letsencrypt certificate and I've set the DOMAIN variable accordingly. The container logs only yield successful request, no errors or warnings.

Originally created by @targodan on GitHub (Oct 2, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/641 I can't register my YubiKey for FIDO U2F. When I click the `Read Key` button in the vault UI it says `There was a problem reading the security key. Try again.` (Firefox 69.0.1 64-bit on Windows 10) I have used the very same YubiKey successfully with this Firefox version on other websites before. Here's what the JS-Console says: ``` listening for key... two-factor-u2f.component.ts:126:16 error: 2 two-factor-u2f.component.ts:138:28 ``` I'm running the docker image in swarm mode `bitwardenrs/server:alpine` (healthchecks disabled, see #618), behind a caddy proxy. Here's my caddy file for bitwarden: ``` [REDACTED_URL].de { header / { Strict-Transport-Security "max-age=31536000;" X-XSS-Protection "1; mode=block" X-Frame-Options "DENY" } proxy /notifications/hub bitwarden.web:3012 { websocket } proxy /notifications/hub/negotiate bitwarden.web:8080 { transparent } proxy / bitwarden.web:8080 { transparent } } ``` I am accessing the vault via HTTPS with a valid letsencrypt certificate and I've set the `DOMAIN` variable accordingly. The container logs only yield successful request, no errors or warnings.

kerem closed this issue 2026-03-03 01:29:06 +03:00

kerem commented 2026-03-03 01:29:07 +03:00

Author

Owner

Copy link

@targodan commented on GitHub (Oct 2, 2019):

Ok, sorry. I figured it out. I had the variable DOMAIN=REDACTED_DOMAIN.de, but instead it needs to be DOMAIN=https://REDACTED_DOMAIN.de

<!-- gh-comment-id:537461308 --> @targodan commented on GitHub (Oct 2, 2019): Ok, sorry. I figured it out. I had the variable `DOMAIN=REDACTED_DOMAIN.de`, but instead it needs to be `DOMAIN=https://REDACTED_DOMAIN.de`

kerem commented 2026-03-03 01:29:07 +03:00

Author

Owner

Copy link

@whoo commented on GitHub (May 5, 2021):

Hi,
I've got the same issue with docker vaultwarden.

docker run -d --name vaultwarden -e DOMAIN=https://wizz:5000 -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latest
socat openssl-listen:5000,reuseaddr,fork,cert=wizz.pem,verify=0 tcp4:127.0.0.1:80

listening for key... 
error: 2

Probably websocket error... but there is no listening port on 3012 on container.

<!-- gh-comment-id:832622420 --> @whoo commented on GitHub (May 5, 2021): Hi, I've got the same issue with docker vaultwarden. `docker run -d --name vaultwarden -e DOMAIN=https://wizz:5000 -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latest` `socat openssl-listen:5000,reuseaddr,fork,cert=wizz.pem,verify=0 tcp4:127.0.0.1:80` ``` listening for key... error: 2 ``` Probably websocket error... but there is no listening port on 3012 on container.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#435

No description provided.