[GH-ISSUE #1258] Error when registering U2F device #885

Closed
opened 2026-03-03 02:04:22 +03:00 by kerem · 11 comments

Originally created by @AJEvans3 on GitHub (Dec 6, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1258

I am self hosting Bitwarden_rs in docker on my synology nas. When I try to add my Yubico security key or Solokey, I get a generic error that appears almost immediately after clicking on the "Read key" button. I've read in the other posted issues that a solution could potentially be found by looking at my configuration.

Is it something to do with my configuration or URLS? How do I go about checking my config/URLS to make sure they are correct? And if not, making the change? When typing in https://webvault.com/app-id.json I get the following:

```json
{"trustedFacets":[{"ids":["http://xxxxx","ios:bundle-id:com.8bit.bitwarden","android:apk-key-hash:xxxxxxxxxx"],"version":{"major":1,"minor":0}}]}
```


@ikkuranus commented on GitHub (Dec 11, 2020):

I'm experiencing the same problem with my yubikey 5.


@BlackDex commented on GitHub (Dec 15, 2020):

Keep in mind that you need HTTPS, else these functions will not work.


@BlackDex commented on GitHub (Dec 15, 2020):

Also, does it work here: https://demo.yubico.com/webauthn-technical/registration


@AJEvans3 commented on GitHub (Dec 15, 2020):

> Keep in mind that you need HTTPS, else these functions will not work.

What does that mean? My yubikey works on the site you sent. What about the solokeys?


@BlackDex commented on GitHub (Dec 15, 2020):

You need to have an encrypted connection to bitwarden_rs, so `https://`. Without it, reading the key will not work.


@AJEvans3 commented on GitHub (Dec 16, 2020):

I guess I thought I had an encrypted connection. How do I verify that I do? And if I don't, fix it?


@ikkuranus commented on GitHub (Dec 19, 2020):

> You need to have an encrypted connection to bitwarden_rs, so `https://`. Without it, reading the key will not work.

I run this docker container under unraid with the swag (letsencrypt) reverse proxy. I assume even though the swag container is providing https and the actual bitwarden container is only http that it won't be enough to pass that check?


@BlackDex commented on GitHub (Dec 19, 2020):

It should be enough. The browser needs an encrypted connection, else it won't work.
If your URL starts with `https://` that should be enough.

Also, check that you have your `DOMAIN` settings correctly.
If that doesn't match what is in your URL, it will also fail.

https://github.com/dani-garcia/bitwarden_rs/blob/175f2aeace6a6099cb3ea47d2de9968e764b5f43/.env.template#L194


@qx-775 commented on GitHub (Jan 2, 2021):

I have this issue too, I am trying to register a key clearly on the https page using a self signed cert.

```yaml
bitwarden:
    restart: always
    image: docker.io/bitwardenrs/server:latest
    container_name: bitwarden
    environment:
        WEBSOCKET_ENABLED: 'true'
        ROCKET_TLS: '{certs = "/certs/cert.pem", key = "/certs/key.pem"}'
        DOMAIN: https://IPADDRESS:PORTNUMBER
```

Where IPADDRESS and PORTNUMBER are my actual (redacted) numbers.
Opening the console gives me this

```
listening for key...
u2f.js:702 Extension JS API Version:  1.1
two-factor-u2f.component.ts:138 error: 2
```

Using the latest version 2.17.1

What can I do to make the yubikey work? I have 2fa TOTP already enabled.


@BlackDex commented on GitHub (Jan 2, 2021):

Your `DOMAIN` is not configured correctly.
If you have a self signed cert, which common name (domain name) did you use? That is what you need to fill in as the domain.

Also, I'm not sure if u2f will work with self signed certs. It could be that you need to add your self signed CA root into your trusted certificates for your browser.

But that `error 2` means something is not matching, it's either domain or certificate or maybe both.


@BlackDex commented on GitHub (Jan 31, 2021):

Closing this issue due to inactivity.

Please make sure you have a valid certificate and that the `DOMAIN` variable is configured correctly.
If one of these presents an issue, using a U2F token will not work.

If you use the `image: docker.io/bitwardenrs/server:testing` tagged image, the `DOMAIN` variable can be validated within the `/admin/diagnostics` page.
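
Added example, not part of the original thread or the project's code: a Python check of the two conditions named in the replies (HTTPS in the browser, and a `DOMAIN` that matches the URL), run against the body returned by `/app-id.json`. The host `vault.example.com` and the sample JSON are constructed, and the check assumes the web facet in `app-id.json` is derived from `DOMAIN`.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, modelled on the app-id.json body quoted in the issue;
# vault.example.com stands in for the redacted host.
SAMPLE_APP_ID = json.dumps({"trustedFacets": [{
    "ids": ["http://vault.example.com",
            "ios:bundle-id:com.8bit.bitwarden",
            "android:apk-key-hash:xxxxxxxxxx"],
    "version": {"major": 1, "minor": 0}}]})


def origin(url):
    """Return scheme://host[:port], lower-cased, with default ports dropped."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    default_port = {"http": 80, "https": 443}.get(parts.scheme)
    if parts.port not in (None, default_port):
        host = f"{host}:{parts.port}"
    return f"{parts.scheme}://{host}"


def check_u2f_facets(app_id_json, browser_url):
    """List mismatches between the address-bar origin and the published facets."""
    problems = []
    page = origin(browser_url)
    if not page.startswith("https://"):
        problems.append(f"vault opened over {page}: the browser needs https")
    ids = [i for facet in json.loads(app_id_json).get("trustedFacets", [])
           for i in facet.get("ids", [])]
    # Only web origins matter here; ios:/android: facets are app identifiers.
    web = [origin(i) for i in ids if i.lower().startswith(("http://", "https://"))]
    for facet in web:
        if facet.startswith("http://"):
            # Assumption: this facet is derived from the DOMAIN setting.
            problems.append(f"facet {facet} is plain http: check DOMAIN")
    if page not in web:
        problems.append(f"{page} is not among the web facets {web}")
    return problems


if __name__ == "__main__":
    url = "https://vault.example.com/#/settings/two-factor"
    for label, body in (("as posted", SAMPLE_APP_ID),
                        ("DOMAIN fixed", SAMPLE_APP_ID.replace("http://", "https://"))):
        print(label, check_u2f_facets(body, url) or "OK")
```

An empty list means the origin in the address bar and the published web facet agree; it does not check whether the browser trusts the certificate.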
