Yubico Forum


All times are UTC + 1 hour




Posted: Tue Jul 21, 2015 2:58 pm
I've just set up Google Apps with U2F for a client of mine, using a brand new Yubikey Neo.

While it works beautifully on both Windows XP (don't ask) and Arch Linux, on his Macbook the key doesn't switch to U2F mode; the light stays solid instead of blinking to indicate U2F mode, and the Google Apps browser applet times out. Removing and reinserting the key does not help.

Here's some info on the setup that may be relevant.

OS X 10.7.5
Chrome 43.0.2357.134
Yubikey firmware 3.4.3

The old U2F extension for Chrome is not installed, and CCID is not enabled on the key, although I have tried enabling it as older forum posts suggested this might be necessary, to no avail.

What could be the problem?


Posted: Tue Jul 21, 2015 10:32 pm
Yubico Team
Have you tried testing on demo.yubico.com/u2f?

* Version of Google Chrome is sufficient
* As long as U2F is enabled, there shouldn't be an issue with the mode combinations. If you have CCID mode enabled as well, check the NEO Manager and let me know if the "available apps" list on the left of the window isn't populating
* Somewhat rare issues, but I'd check these next:
  (1) When it tells you to touch the button, check to the right of the address bar and make sure there isn't a pop-up blocker icon (red X). If there is, it could be blocking the permission request
  (2) Make sure you aren't touching the button immediately when you get the prompt (you have to wait for the flashing to begin, it will fail if you press before the blinking starts)
  (3) You may need to install the FIDO U2F extension. While it's not required on my OS X system, I had a similar issue the other day and the user was able to resolve it by adding the extension to Chrome


Posted: Wed Jul 22, 2015 2:54 pm
Hi Chris, thanks for your quick reply.

I have tried it on the demo page but the same thing happens: the light stays solid green and doesn't start blinking, even when left for a while.

I did enable CCID at first, to see if that remedied the problem, but as it didn't I disabled it again; he has no need for the CCID functionality and as it (seems to) disables the green light in OTP mode (which he uses too) it would only lead to confusion. Whilst it was active, the "Available Apps" list was populated.

(1) There wasn't anything on screen to indicate that something was being blocked (usually quite obvious), but I can try it again when I visit the client again next week.
(2) As I've got a Neo myself and use it regularly with Google Apps, I'm familiar with having to wait until the light starts blinking. On the Mac it simply stays solid and the applet times out.
(3) I forgot to mention this in my original post, but I have tried it with the extension installed (even restarted Chrome, just to be sure) but it made no difference.

He has several workarounds in the meantime as I've set him up with both Google Authenticator, SMS codes, backup phone number and printed codes, but it is somewhat embarrassing after having convinced him to part with £41 because of the ease of use of the Neo compared to having to get his mobile out, fire up Google Authenticator etc :oops:

Whilst it's unlikely to be of any influence, I thought I'd mention that my own Neo (firmware 3.3.6) gives the same result.


Posted: Tue Aug 18, 2015 1:55 am
Hello Folks:

I have been trying, unsuccessfully, to set up my Yubikey Neo, as a U2F Security Key, for a Gmail account, using Google Chrome V.44+, and Mac OS X Lion V.10.7.5.

On my Mac, I have set up my Yubikey Neo as OTP+U2F+CCID, using the Yubikey Neo Manager (See Image 12…)

About the Yubikey LED (Light) State, it's different depending on a Yubikey's . On one hand, OTP Mode apparently instructs the Yubikey's light to remain on, as indicated on image 21… and image 17… and 18… which are points 2.2.6 and 3.5.5 found on Yubikey's Manual. On the other hand, U2F Mode apparently instructs the Yubikey's light to remain Off, as suggested on image 22…

Setting up a Yubikey as a U2F Security Key for Gmail's Two Step Verification, requires U2F Mode to be enabled (LED is constantly Off) as suggested on image 22… The Problem is, that my Yubikey's Light remains turned On, because my YubiKey Neo is also programmed as OTP, and

So, trying to set up a Yubikey, as a U2F Security Key for a Gmail account "Probably Fails" because Gmail's Two Step Verification process is "Supposed" to be waiting for a Yubikey in U2F Mode (LED constantly Off - but flashing when required) as suggested on image 06… and not a Yubikey in OTP Mode (LED Constantly On) Which is the current state of my YubiKey Neo, because OTP mode is enabled as well (See image 02…)

On Gmail, I get the following error message: A timeout occurred while waiting for a Security Key to be inserted or tapped (See Image 07…)

I have also tried, unsuccessfully, to set up my Yubikey Neo at Yubico's U2F Demo site (demo.yubico.com). Apparently, it is also waiting for a Yubikey in U2F Mode (Flashing LED) as suggested on image 03… But, since my YubiKey is also programmed as OTP, the LED remains turned On, and I get an error message during registration, stating: Registration Failed, Make sure you have a U2F device connected (See image 04…)

On my Mac's side, when setting up a Yubikey through Apple's Keyboard Setup Assistant, you are instructed to press the key right next to the Shift Key. Naturally, there is Not a Shift Key on a Yubikey. So, if you mistakenly press the Shift Key, you will be attempting to set up your Mac's Keyboard - And Not your Yubikey. The only option, to advance to the next page, on Apple's Keyboard Setup Assistant, is to press your Yubikey Button - and that will bring up a brief (half a second) on-screen error notification (See image 16…) stating: Your keyboard Cannot be identified - The Keys you pressed were Not recognized. Click OK to select the keyboard type. Then, I selected the recommended value, which is ANSI, and clicked save.

I am not sure what could be the cause of the problem, maybe it is the USB Driver, of the USB Port, on which the Yubikey sits, maybe it needs a little update. Maybe it is Google Chrome for Lion, or maybe a better version of Apple's Keyboard Setup Assistant (KeyboardSetupAssistant.app) is needed.

Chrome V.44+ doesn't need the U2F Extension, available at the Chrome Store, that is for older versions of Chrome, but anyway, I have tried with and without the U2F extension and it didn't help. I have also set up Google Chrome to allow Pop-ups, all cookies, and JavaScript, and all extensions disabled, but it didn't help. Enabling or disabling plugins didn't help either.

I can't wait for Firefox to natively support FIDO U2F (https://air.mozilla.org/fido-u2f/)


Any advice will be highly appreciated.



Please see the following screenshots:

01: http://www.imagebam.com/image/8bf3fa429646104
02: http://www.imagebam.com/image/31db64429646106
03: http://www.imagebam.com/image/6e4e9c429646119
04: http://www.imagebam.com/image/f10efd429646130
05: http://www.imagebam.com/image/4ad6a5429646146
06: http://www.imagebam.com/image/2e69f3429646158
07: http://www.imagebam.com/image/c98070429646173
08: http://www.imagebam.com/image/5d03f6429646180
09: http://www.imagebam.com/image/ceca71429646188
10: http://www.imagebam.com/image/172f17429646196
11: http://www.imagebam.com/image/98624f429646202
12: http://www.imagebam.com/image/bc8b45429646210
13: http://www.imagebam.com/image/b8b7d6429646219
14: http://www.imagebam.com/image/129710429646229
15: http://www.imagebam.com/image/7adff2429646238
16: http://www.imagebam.com/image/cf28bd429646254
17: http://www.imagebam.com/image/39c176429646263
18: http://www.imagebam.com/image/d3f810429646268
19: http://www.imagebam.com/image/eba222429646278
20: http://www.imagebam.com/image/ab7dbb429646290
21: http://www.imagebam.com/image/35e226429646296
22: http://www.imagebam.com/image/cfa2bd429646301




Here is some information about my Yubikey and System Info:


a) Yubikey Setup as OTP + U2F + CCID

b) Firmware Version: 3.4.0

c) Yubico U2F - Status: 1.1.0 Installed

d) Mac OS X Lion 10.7.5


e) System Information

USB Bus:

Host Controller Location: Built-in USB
Host Controller Driver: AppleUSBUHCI
PCI Device ID: 0x7fff00002834
PCI Revision ID: 0x7fff00000003
PCI Vendor ID: 0x7fff00008086
Bus Number: 0x1a

Yubikey NEO OTP+U2F+CCID:

Product ID: 0x0116
Vendor ID: 0x1050
Version: 3.40
Speed: Up to 12 Mb/sec
Manufacturer: Yubico
Location ID: 0x1a200000 / 3
Current Available (mA): 500
Current Required (mA): 30

Bluetooth USB Host Controller:

Product ID: 0x8205
Vendor ID: 0x05ac (Apple Inc.)
Version: 19.65
Speed: Up to 12 Mb/sec
Manufacturer: Apple Inc.
Location ID: 0x1a100000 / 2
Current Available (mA): 500
Current Required (mA): 0


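The System Information excerpt in the post above already answers the "is U2F enabled on the key?" question: Yubico's USB vendor ID is 0x1050, and the NEO's product ID encodes the mode combination (0x0116 is listed there as OTP+U2F+CCID). The following is an added example, not part of the original post, that reads that kind of text and reports whether U2F is among the enabled modes. The function names are hypothetical, the 0x0110 to 0x0115 rows are an assumption taken from Yubico's published NEO product IDs, and the sample input is constructed from the excerpt.

```shell
#!/bin/sh
# Added example: report the USB mode of a YubiKey NEO from System Information
# text ("Product ID:" / "Vendor ID:" pairs, Product ID first, as in the post).
# The 0x0110-0x0115 rows are an assumption taken from Yubico's published NEO
# product IDs; only 0x0116 appears in the thread.

neo_modes() {
    # stdin: profiler text. stdout: "<product id> <modes> u2f=<state>" per key.
    awk '
    BEGIN {
        mode["0x0110"] = "OTP";      mode["0x0111"] = "OTP+CCID"
        mode["0x0112"] = "CCID";     mode["0x0113"] = "U2F"
        mode["0x0114"] = "OTP+U2F";  mode["0x0115"] = "U2F+CCID"
        mode["0x0116"] = "OTP+U2F+CCID"
    }
    /^[ \t]*Product ID:/ { pid = tolower($3) }
    /^[ \t]*Vendor ID:/ {
        if (tolower($3) == "0x1050") {          # 0x1050 = Yubico
            if (pid in mode)
                printf "%s %s u2f=%s\n", pid, mode[pid], (mode[pid] ~ /U2F/ ? "yes" : "no")
            else                                # not a NEO id: do not guess
                printf "%s unknown u2f=unknown\n", pid
        }
        pid = ""
    }'
}

sample_profile() {
    # Constructed input, trimmed from the System Information excerpt above.
    cat <<'EOF'
    Yubikey NEO OTP+U2F+CCID:

      Product ID: 0x0116
      Vendor ID: 0x1050
      Version: 3.40

    Bluetooth USB Host Controller:

      Product ID: 0x8205
      Vendor ID: 0x05ac (Apple Inc.)
EOF
}

# On the Mac itself: system_profiler SPUSBDataType | neo_modes
sample_profile | neo_modes    # 0x0116 OTP+U2F+CCID u2f=yes
```

A result of `u2f=yes` means the key is presenting its U2F interface to the host, which moves the investigation to the OS and browser side.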
Posted: Thu Aug 20, 2015 10:33 am
Site Admin
Install the Yubikey NEO manager on the Mac from here:
https://developers.yubico.com/yubikey-n ... /Releases/

Disable verify that u2F it is enabled.

Register the device on Gmail, what happens?


Posted: Sat Aug 22, 2015 11:30 pm
Yubico Team
I'd recommend opening Terminal to check and see if the Info.plist file is properly patched for the U2F+CCID mode combination. This patch is run when installing the NEO Manager, but sometimes it doesn't work (or obviously if you haven't already installed the NEO Manager, this file won't be patched yet).

cat /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist |grep Yubi

If there are fewer than four entries, run the following command, then restart your Mac:

sudo sh -c 'curl -s https://raw.githubusercontent.com/Yubic ... patch-ccid | python'


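The two steps in the post above (count the Yubico entries in the CCID driver's Info.plist, patch if there are fewer than four) as an added example, not from the original post or from Yubico. It counts the entries and stages the patch script in a file, printing its SHA-256, so that the script can be read before it is run with sudo rather than being piped from the network into a root interpreter. `PATCH_URL` is a placeholder because the URL in the post is truncated; the function names are hypothetical and the plist fragment is constructed.

```shell
#!/bin/sh
# Added example: the plist check from the post, plus a staged download in
# place of `curl ... | python` under sudo.
PLIST=/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
PATCH_URL='<full patch-ccid URL; truncated in the post>'   # placeholder

yubico_entries() {
    # Number of lines in plist $1 that mention a Yubico reader.
    grep -c 'Yubi' "$1" || true        # grep exits 1 on zero matches
}

needs_patch() {
    # 0 = fewer than four entries (patch needed), 1 = four or more,
    # 2 = plist missing or unreadable.
    [ -r "$1" ] || return 2
    [ "$(yubico_entries "$1")" -lt 4 ]
}

stage_patch() {
    # Fetch URL $1 over HTTPS into a private temp file, print its SHA-256 on
    # stderr and its path on stdout. Nothing is executed here.
    out=$(mktemp "${TMPDIR:-/tmp}/patch-ccid.XXXXXX") || return 1
    curl -fsSL --proto '=https' -o "$out" "$1" || { rm -f "$out"; return 1; }
    shasum -a 256 "$out" >&2
    printf '%s\n' "$out"
}

sample_plist() {
    # Constructed fragment: three reader names, so the check reports "patch".
    cat <<'EOF'
<key>ifdFriendlyName</key>
<array>
    <string>Yubico Yubikey NEO OTP+CCID</string>
    <string>Yubico Yubikey NEO CCID</string>
    <string>Yubico Yubikey NEO OTP+U2F+CCID</string>
</array>
EOF
}

# On the Mac (read the staged file before the sudo step):
#   if needs_patch "$PLIST"; then
#       f=$(stage_patch "$PATCH_URL") && less "$f" && sudo python "$f"
#   fi
demo=$(mktemp) && sample_plist > "$demo"
needs_patch "$demo" && echo "constructed sample: $(yubico_entries "$demo") entries, patch needed"
rm -f "$demo"
```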
Posted: Sat Jan 16, 2016 6:42 pm
I've just received my Yubikey Neo and am testing the same problem.

My configuration is:
MacBook (Intel Core Duo)
OS X 10.7.5
Chrome 47.0.2526.111 (64-bit)
Yubikey firmware 3.4.6

Neither Gmail nor the test area on the Yubico website works with U2F authentication.
Both sites don't recognize the key and the light doesn't blink.

If I use a Windows 7 (64-bit) computer, the key works well.
But in this case, if I try to access Gmail, the authentication with the Yubikey fails and I have to ask for an SMS code.

Thank you for the support.


Posted: Sun Apr 03, 2016 6:21 pm
I have the same issues with Yubikey 4 on Mac OS X 10.10.5 with Chrome. Does anybody know a solution?
It works nicely in FF with a plugin, but I cannot make it work in Chrome...


Posted: Fri Apr 22, 2016 11:02 am
Assumptions:
  • Yubikey 4 and Yubikey NEO exhibit the same behavior wrt. U2F.
  • You are using the current/latest Chrome.
  • U2F is enabled on the Yubikey device.

I had no problem using Yubikey NEO with the current Chrome (v49.0.xxxx) on Mac OS X Yosemite and El Capitan (10.11.4). It correctly worked with the Yubico U2F demo site https://demo.yubico.com/u2f, and registered to Google account 2-step verification.

Notes:
  • I did not install U2F extension. Recent releases of Chrome support U2F in the browser itself.
  • Instead of following Chrome's instruction to remove and re-plug the Yubikey token, I had to keep it inserted throughout the entire registration process. Then Google registration succeeds. If you try to follow the instructions, registration will fail with the message "Something went wrong. Try again."


Posted: Wed Aug 24, 2016 2:13 pm
Using the latest version of Chrome (version 52) on Windows 8.1.

I endorse mouse008's post saying that you need to have the key inserted throughout the process. Worked for me.

Thanks mouse008.

