Problems with U2F authentication
Summary
One U2F device shows up as different devices when used from different computers.
Steps to reproduce
- Turn off 2FA (GitLab said that all U2F device entries were also deleted)
- Turn 2FA on, add device on computer1
- Log out, log in on computer1 using U2F -> works, log off
- Go to computer2
- Try to log in with U2F device -> device is not recognised
- Log in on computer2 using 2FA pin code.
- Re-added device on computer2
computer1 is Debian jessie, computer2 is Ubuntu xenial. Both are maybe not 100% supplied with stock packages.
Expected behavior
It should be seen as one device, even when used from different computers.
Actual behavior
It is seen as separate devices.
Relevant logs and/or screenshots
Output of checks
Here is the rails output:
Loading production environment (Rails 4.2.7.1)
irb(main):001:0> User.find_by(email:'sanitized@email.example').u2f_registrations
=> #<ActiveRecord::Associations::CollectionProxy [
#<U2fRegistration id: 3, certificate: "MIIC...EsMC...", key_handle: "ePUB...-vqw...", public_key: "BK49...+Xij...", counter: 12, user_id: 3, created_at: "2017-02-08 00:48:47", updated_at: "2017-02-08 00:53:04", name: "device3">,
#<U2fRegistration id: 4, certificate: "MIIC...EsMC...", key_handle: "5yuW...FuCV...", public_key: "BMGe...KpiA...", counter: 0, user_id: 3, created_at: "2017-02-08 00:54:48", updated_at: "2017-02-08 00:54:48", name: "device4">]>
This is happening on GitLab 8.16.4-ee