From fc58af1365f596962b5c8e8c1202bea3ce325abe Mon Sep 17 00:00:00 2001 From: Takashi Norimatsu Date: Wed, 19 Feb 2020 09:05:58 +0900 Subject: [PATCH] KEYCLOAK-12696 Upgrade to webauthn4j 0.10.2.RELEASE --- .../resources/licenses/keycloak/licenses.xml | 8 ++-- .../resources/licenses/rh-sso/licenses.xml | 8 ++-- pom.xml | 2 +- .../browser/WebAuthnAuthenticator.java | 22 +++++++--- .../requiredactions/WebAuthnRegister.java | 44 +++++++++++-------- .../AttestationStatementConverter.java | 11 ++--- .../CredentialPublicKeyConverter.java | 11 ++--- .../WebAuthnCredentialModelInput.java | 27 ++++++++---- .../WebAuthnCredentialProvider.java | 37 +++++++++------- .../WebAuthnCredentialProviderFactory.java | 4 +- ...ebAuthnPasswordlessCredentialProvider.java | 6 +-- ...PasswordlessCredentialProviderFactory.java | 6 +-- 12 files changed, 111 insertions(+), 75 deletions(-) diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/licenses/keycloak/licenses.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/licenses/keycloak/licenses.xml index 319073d440..d71d718e5b 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/licenses/keycloak/licenses.xml +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/licenses/keycloak/licenses.xml @@ -521,22 +521,22 @@ com.webauthn4j webauthnj4-core - 0.9.14.RELEASE + 0.10.2.RELEASE Apache Software License 2.0 - https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.9.14.RELEASE/LICENSE.txt + https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.10.2.RELEASE/LICENSE.txt com.webauthn4j webauthnj4-util - 0.9.14.RELEASE + 0.10.2.RELEASE Apache Software License 2.0 - https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.9.14.RELEASE/LICENSE.txt + https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.10.2.RELEASE/LICENSE.txt diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/licenses/rh-sso/licenses.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/licenses/rh-sso/licenses.xml index fd4472ffdf..f02d743619 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/licenses/rh-sso/licenses.xml +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/licenses/rh-sso/licenses.xml @@ -521,22 +521,22 @@ com.webauthn4j webauthnj4-core - 0.9.14.RELEASE + 0.10.2.RELEASE Apache Software License 2.0 - https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.9.14.RELEASE/LICENSE.txt + https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.10.2.RELEASE/LICENSE.txt com.webauthn4j webauthnj4-util - 0.9.14.RELEASE + 0.10.2.RELEASE Apache Software License 2.0 - https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.9.14.RELEASE/LICENSE.txt + https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.10.2.RELEASE/LICENSE.txt diff --git a/pom.xml b/pom.xml index 2dc55d2565..8fb043d7ab 100755 --- a/pom.xml +++ b/pom.xml @@ -169,7 +169,7 @@ 2.2.0.RELEASE - 0.9.14.RELEASE + 0.10.2.RELEASE 2.0.0 diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/WebAuthnAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/WebAuthnAuthenticator.java index e0eb158773..f5805e4e2f 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/WebAuthnAuthenticator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/WebAuthnAuthenticator.java @@ -16,13 +16,16 @@ package org.keycloak.authentication.authenticators.browser; -import com.webauthn4j.data.WebAuthnAuthenticationContext; +import com.webauthn4j.data.AuthenticationParameters; +import com.webauthn4j.data.AuthenticationRequest; import com.webauthn4j.data.client.Origin; import com.webauthn4j.data.client.challenge.Challenge; import com.webauthn4j.data.client.challenge.DefaultChallenge; import com.webauthn4j.server.ServerProperty; import com.webauthn4j.util.exception.WebAuthnException; + import org.jboss.logging.Logger; + import org.keycloak.WebAuthnConstants; import org.keycloak.authentication.AuthenticationFlowContext; import org.keycloak.authentication.AuthenticationFlowError; @@ -177,17 +180,24 @@ public class WebAuthnAuthenticator implements Authenticator, CredentialValidator if (WebAuthnConstants.OPTION_REQUIRED.equals(userVerificationRequirement)) isUVFlagChecked = true; UserModel user = session.users().getUserById(userId, context.getRealm()); - WebAuthnAuthenticationContext authenticationContext = new WebAuthnAuthenticationContext( + + AuthenticationRequest authenticationRequest = new AuthenticationRequest( credentialId, - clientDataJSON, authenticatorData, - signature, + clientDataJSON, + signature + ); + + AuthenticationParameters authenticationParameters = new AuthenticationParameters( server, + null, // here authenticator cannot be fetched, set it afterwards in WebAuthnCredentialProvider.isValid() isUVFlagChecked - ); + ); WebAuthnCredentialModelInput cred = new WebAuthnCredentialModelInput(getCredentialType()); - cred.setAuthenticationContext(authenticationContext); + + cred.setAuthenticationRequest(authenticationRequest); + cred.setAuthenticationParameters(authenticationParameters); boolean result = false; try { diff --git a/services/src/main/java/org/keycloak/authentication/requiredactions/WebAuthnRegister.java b/services/src/main/java/org/keycloak/authentication/requiredactions/WebAuthnRegister.java index 27e7f9bbd1..bbcc9c11e3 100644 --- a/services/src/main/java/org/keycloak/authentication/requiredactions/WebAuthnRegister.java +++ b/services/src/main/java/org/keycloak/authentication/requiredactions/WebAuthnRegister.java @@ -19,6 +19,7 @@ package org.keycloak.authentication.requiredactions; import java.nio.charset.StandardCharsets; import java.util.Arrays; import java.util.Base64; +import java.util.Collections; import java.util.List; import java.util.stream.Collectors; @@ -47,19 +48,19 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.UserModel; import org.keycloak.models.WebAuthnPolicy; -import com.webauthn4j.converter.util.CborConverter; -import com.webauthn4j.converter.util.JsonConverter; -import com.webauthn4j.data.WebAuthnRegistrationContext; +import com.webauthn4j.WebAuthnManager; +import com.webauthn4j.converter.util.ObjectConverter; import com.webauthn4j.data.attestation.authenticator.AttestedCredentialData; import com.webauthn4j.data.attestation.statement.AttestationStatement; import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier; import com.webauthn4j.data.client.Origin; import com.webauthn4j.data.client.challenge.Challenge; import com.webauthn4j.data.client.challenge.DefaultChallenge; +import com.webauthn4j.data.RegistrationRequest; +import com.webauthn4j.data.RegistrationData; +import com.webauthn4j.data.RegistrationParameters; import com.webauthn4j.server.ServerProperty; import com.webauthn4j.util.exception.WebAuthnException; -import com.webauthn4j.validator.WebAuthnRegistrationContextValidationResponse; -import com.webauthn4j.validator.WebAuthnRegistrationContextValidator; import com.webauthn4j.validator.attestation.statement.androidkey.AndroidKeyAttestationStatementValidator; import com.webauthn4j.validator.attestation.statement.androidsafetynet.AndroidSafetyNetAttestationStatementValidator; import com.webauthn4j.validator.attestation.statement.none.NoneAttestationStatementValidator; @@ -204,19 +205,24 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis // check User Verification by considering a malicious user might modify the result of calling WebAuthn API boolean isUserVerificationRequired = policy.getUserVerificationRequirement().equals(WebAuthnConstants.OPTION_REQUIRED); + RegistrationRequest registrationRequest = new RegistrationRequest(attestationObject, clientDataJSON); + RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, isUserVerificationRequired); + + WebAuthnManager webAuthnManager = createWebAuthnManager(); try { - WebAuthnRegistrationContext registrationContext = new WebAuthnRegistrationContext(clientDataJSON, attestationObject, serverProperty, isUserVerificationRequired); - WebAuthnRegistrationContextValidator webAuthnRegistrationContextValidator = createWebAuthnRegistrationContextValidator(); - WebAuthnRegistrationContextValidationResponse response = webAuthnRegistrationContextValidator.validate(registrationContext); + // parse + RegistrationData registrationData = webAuthnManager.parse(registrationRequest); + // validate + webAuthnManager.validate(registrationData, registrationParameters); - showInfoAfterWebAuthnApiCreate(response); + showInfoAfterWebAuthnApiCreate(registrationData); - checkAcceptedAuthenticator(response, policy); + checkAcceptedAuthenticator(registrationData, policy); WebAuthnCredentialModelInput credential = new WebAuthnCredentialModelInput(getCredentialType()); - credential.setAttestedCredentialData(response.getAttestationObject().getAuthenticatorData().getAttestedCredentialData()); - credential.setCount(response.getAttestationObject().getAuthenticatorData().getSignCount()); + credential.setAttestedCredentialData(registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData()); + credential.setCount(registrationData.getAttestationObject().getAuthenticatorData().getSignCount()); // Save new webAuthn credential WebAuthnCredentialProvider webAuthnCredProvider = (WebAuthnCredentialProvider) this.session.getProvider(CredentialProvider.class, getCredentialProviderId()); @@ -245,8 +251,8 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis } } - private WebAuthnRegistrationContextValidator createWebAuthnRegistrationContextValidator() { - return new WebAuthnRegistrationContextValidator( + private WebAuthnManager createWebAuthnManager() { + return new WebAuthnManager( Arrays.asList( new NoneAttestationStatementValidator(), new PackedAttestationStatementValidator(), @@ -257,8 +263,10 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis ), this.certPathtrustValidator, new DefaultECDAATrustworthinessValidator(), new DefaultSelfAttestationTrustworthinessValidator(), - new JsonConverter(), - new CborConverter()); + Collections.emptyList(), // Custom Registration Validator is not supported + Collections.emptyList(), // Custom Authentication Validator is not supported + new ObjectConverter() + ); } private String stringifySignatureAlgorithms(List signatureAlgorithmsList) { @@ -304,7 +312,7 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis return sb.toString(); } - private void showInfoAfterWebAuthnApiCreate(WebAuthnRegistrationContextValidationResponse response) { + private void showInfoAfterWebAuthnApiCreate(RegistrationData response) { AttestedCredentialData attestedCredentialData = response.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(); AttestationStatement attestationStatement = response.getAttestationObject().getAttestationStatement(); logger.debugv("createad key's algorithm = {0}", String.valueOf(attestedCredentialData.getCOSEKey().getAlgorithm().getValue())); @@ -312,7 +320,7 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis logger.debugv("attestation format = {0}", attestationStatement.getFormat()); } - private void checkAcceptedAuthenticator(WebAuthnRegistrationContextValidationResponse response, WebAuthnPolicy policy) throws Exception { + private void checkAcceptedAuthenticator(RegistrationData response, WebAuthnPolicy policy) throws Exception { String aaguid = response.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getAaguid().toString(); List acceptableAaguids = policy.getAcceptableAaguids(); boolean isAcceptedAuthenticator = false; diff --git a/services/src/main/java/org/keycloak/credential/AttestationStatementConverter.java b/services/src/main/java/org/keycloak/credential/AttestationStatementConverter.java index d045f1dbf6..750f6cc744 100644 --- a/services/src/main/java/org/keycloak/credential/AttestationStatementConverter.java +++ b/services/src/main/java/org/keycloak/credential/AttestationStatementConverter.java @@ -16,6 +16,7 @@ package org.keycloak.credential; +import com.webauthn4j.converter.util.ObjectConverter; import org.keycloak.common.util.Base64Url; import com.webauthn4j.converter.util.CborConverter; @@ -23,20 +24,20 @@ import com.webauthn4j.data.attestation.statement.AttestationStatement; public class AttestationStatementConverter { - private CborConverter converter; + private CborConverter cborConverter; - public AttestationStatementConverter(CborConverter converter) { - this.converter = converter; + public AttestationStatementConverter(ObjectConverter objectConverter) { + this.cborConverter = objectConverter.getCborConverter(); } public String convertToDatabaseColumn(AttestationStatement attribute) { AttestationStatementSerializationContainer container = new AttestationStatementSerializationContainer(attribute); - return Base64Url.encode(converter.writeValueAsBytes(container)); + return Base64Url.encode(cborConverter.writeValueAsBytes(container)); } public AttestationStatement convertToEntityAttribute(String dbData) { byte[] data = Base64Url.decode(dbData); - AttestationStatementSerializationContainer container = converter.readValue(data, AttestationStatementSerializationContainer.class); + AttestationStatementSerializationContainer container = cborConverter.readValue(data, AttestationStatementSerializationContainer.class); return container.getAttestationStatement(); } } diff --git a/services/src/main/java/org/keycloak/credential/CredentialPublicKeyConverter.java b/services/src/main/java/org/keycloak/credential/CredentialPublicKeyConverter.java index 3286d98383..d87a54b7e5 100644 --- a/services/src/main/java/org/keycloak/credential/CredentialPublicKeyConverter.java +++ b/services/src/main/java/org/keycloak/credential/CredentialPublicKeyConverter.java @@ -16,6 +16,7 @@ package org.keycloak.credential; +import com.webauthn4j.converter.util.ObjectConverter; import org.keycloak.common.util.Base64Url; import com.webauthn4j.converter.util.CborConverter; @@ -23,17 +24,17 @@ import com.webauthn4j.data.attestation.authenticator.COSEKey; public class CredentialPublicKeyConverter { - private CborConverter converter; + private CborConverter cborConverter; - public CredentialPublicKeyConverter(CborConverter converter) { - this.converter = converter; + public CredentialPublicKeyConverter(ObjectConverter objectConverter) { + this.cborConverter = objectConverter.getCborConverter(); } public String convertToDatabaseColumn(COSEKey credentialPublicKey) { - return Base64Url.encode(converter.writeValueAsBytes(credentialPublicKey)); + return Base64Url.encode(cborConverter.writeValueAsBytes(credentialPublicKey)); } public COSEKey convertToEntityAttribute(String s) { - return converter.readValue(Base64Url.decode(s), COSEKey.class); + return cborConverter.readValue(Base64Url.decode(s), COSEKey.class); } } diff --git a/services/src/main/java/org/keycloak/credential/WebAuthnCredentialModelInput.java b/services/src/main/java/org/keycloak/credential/WebAuthnCredentialModelInput.java index f0362fc558..87f94cbc0b 100644 --- a/services/src/main/java/org/keycloak/credential/WebAuthnCredentialModelInput.java +++ b/services/src/main/java/org/keycloak/credential/WebAuthnCredentialModelInput.java @@ -18,17 +18,18 @@ package org.keycloak.credential; import org.keycloak.common.util.Base64; -import com.webauthn4j.data.WebAuthnAuthenticationContext; +import com.webauthn4j.data.AuthenticationParameters; +import com.webauthn4j.data.AuthenticationRequest; import com.webauthn4j.data.attestation.authenticator.AttestedCredentialData; import com.webauthn4j.data.attestation.authenticator.COSEKey; import com.webauthn4j.data.attestation.statement.AttestationStatement; -import org.keycloak.models.credential.WebAuthnCredentialModel; public class WebAuthnCredentialModelInput implements CredentialInput { private AttestedCredentialData attestedCredentialData; private AttestationStatement attestationStatement; - private WebAuthnAuthenticationContext authenticationContext; + private AuthenticationParameters authenticationParameters; // not persisted because it can only be used on authentication operation. + private AuthenticationRequest authenticationRequest; // not persisted because it can only be used on authentication operation. private long count; private String credentialDBId; private final String credentialType; @@ -65,12 +66,20 @@ public class WebAuthnCredentialModelInput implements CredentialInput { return count; } - public WebAuthnAuthenticationContext getAuthenticationContext() { - return authenticationContext; + public AuthenticationParameters getAuthenticationParameters() { + return authenticationParameters; } - public void setAuthenticationContext(WebAuthnAuthenticationContext authenticationContext) { - this.authenticationContext = authenticationContext; + public void setAuthenticationParameters(AuthenticationParameters authenticationParameters) { + this.authenticationParameters = authenticationParameters; + } + + public AuthenticationRequest getAuthenticationRequest() { + return authenticationRequest; + } + + public void setAuthenticationRequest(AuthenticationRequest authenticationRequest) { + this.authenticationRequest = authenticationRequest; } public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) { @@ -127,10 +136,10 @@ public class WebAuthnCredentialModelInput implements CredentialInput { .append(credPubKey.getKeyType().name()) .append(","); } - if (authenticationContext != null) { + if (authenticationRequest != null) { // only set on Authentication sb.append("Credential Id = ") - .append(Base64.encodeBytes(authenticationContext.getCredentialId())) + .append(Base64.encodeBytes(authenticationRequest.getCredentialId())) .append(","); } if (sb.length() > 0) diff --git a/services/src/main/java/org/keycloak/credential/WebAuthnCredentialProvider.java b/services/src/main/java/org/keycloak/credential/WebAuthnCredentialProvider.java index 972a02525c..b9b06a8100 100644 --- a/services/src/main/java/org/keycloak/credential/WebAuthnCredentialProvider.java +++ b/services/src/main/java/org/keycloak/credential/WebAuthnCredentialProvider.java @@ -21,6 +21,7 @@ import java.util.Arrays; import java.util.List; import java.util.stream.Collectors; +import com.webauthn4j.converter.util.ObjectConverter; import org.jboss.logging.Logger; import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory; import org.keycloak.common.util.Base64; @@ -29,15 +30,15 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; +import com.webauthn4j.WebAuthnManager; import com.webauthn4j.authenticator.Authenticator; import com.webauthn4j.authenticator.AuthenticatorImpl; -import com.webauthn4j.converter.util.CborConverter; +import com.webauthn4j.data.AuthenticationData; +import com.webauthn4j.data.AuthenticationParameters; import com.webauthn4j.data.attestation.authenticator.AAGUID; import com.webauthn4j.data.attestation.authenticator.AttestedCredentialData; import com.webauthn4j.data.attestation.authenticator.COSEKey; import com.webauthn4j.util.exception.WebAuthnException; -import com.webauthn4j.validator.WebAuthnAuthenticationContextValidationResponse; -import com.webauthn4j.validator.WebAuthnAuthenticationContextValidator; import org.keycloak.models.credential.WebAuthnCredentialModel; import org.keycloak.models.credential.dto.WebAuthnCredentialData; @@ -53,12 +54,12 @@ public class WebAuthnCredentialProvider implements CredentialProvider auths = getWebAuthnCredentialModelList(realm, user); - WebAuthnAuthenticationContextValidator webAuthnAuthenticationContextValidator = - new WebAuthnAuthenticationContextValidator(); + WebAuthnManager webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager(); // not special setting is needed for authentication's validation. + AuthenticationData authenticationData = null; + try { for (WebAuthnCredentialModelInput auth : auths) { byte[] credentialId = auth.getAttestedCredentialData().getCredentialId(); - if (Arrays.equals(credentialId, context.getAuthenticationContext().getCredentialId())) { + if (Arrays.equals(credentialId, context.getAuthenticationRequest().getCredentialId())) { Authenticator authenticator = new AuthenticatorImpl( auth.getAttestedCredentialData(), auth.getAttestationStatement(), auth.getCount() ); - // WebAuthnException is thrown if validation fails - WebAuthnAuthenticationContextValidationResponse response = - webAuthnAuthenticationContextValidator.validate( - context.getAuthenticationContext(), - authenticator); + // parse + authenticationData = webAuthnManager.parse(context.getAuthenticationRequest()); + // validate + AuthenticationParameters authenticationParameters = new AuthenticationParameters( + context.getAuthenticationParameters().getServerProperty(), + authenticator, + context.getAuthenticationParameters().isUserVerificationRequired() + ); + webAuthnManager.validate(authenticationData, authenticationParameters); - logger.debugv("response.getAuthenticatorData().getFlags() = {0}", response.getAuthenticatorData().getFlags()); + + logger.debugv("response.getAuthenticatorData().getFlags() = {0}", authenticationData.getAuthenticatorData().getFlags()); // update authenticator counter long count = auth.getCount(); diff --git a/services/src/main/java/org/keycloak/credential/WebAuthnCredentialProviderFactory.java b/services/src/main/java/org/keycloak/credential/WebAuthnCredentialProviderFactory.java index 761af41622..ba13af2137 100644 --- a/services/src/main/java/org/keycloak/credential/WebAuthnCredentialProviderFactory.java +++ b/services/src/main/java/org/keycloak/credential/WebAuthnCredentialProviderFactory.java @@ -19,14 +19,14 @@ package org.keycloak.credential; import org.keycloak.common.Profile; import org.keycloak.models.KeycloakSession; -import com.webauthn4j.converter.util.CborConverter; +import com.webauthn4j.converter.util.ObjectConverter; import org.keycloak.provider.EnvironmentDependentProviderFactory; public class WebAuthnCredentialProviderFactory implements CredentialProviderFactory, EnvironmentDependentProviderFactory { public static final String PROVIDER_ID = "keycloak-webauthn"; - private static CborConverter converter = new CborConverter(); + private static ObjectConverter converter = new ObjectConverter(); @Override public CredentialProvider create(KeycloakSession session) { diff --git a/services/src/main/java/org/keycloak/credential/WebAuthnPasswordlessCredentialProvider.java b/services/src/main/java/org/keycloak/credential/WebAuthnPasswordlessCredentialProvider.java index ac7308a8fb..d5b91c1ad9 100644 --- a/services/src/main/java/org/keycloak/credential/WebAuthnPasswordlessCredentialProvider.java +++ b/services/src/main/java/org/keycloak/credential/WebAuthnPasswordlessCredentialProvider.java @@ -18,7 +18,7 @@ package org.keycloak.credential; -import com.webauthn4j.converter.util.CborConverter; +import com.webauthn4j.converter.util.ObjectConverter; import org.keycloak.authentication.requiredactions.WebAuthnPasswordlessRegisterFactory; import org.keycloak.models.KeycloakSession; import org.keycloak.models.credential.WebAuthnCredentialModel; @@ -30,8 +30,8 @@ import org.keycloak.models.credential.WebAuthnCredentialModel; */ public class WebAuthnPasswordlessCredentialProvider extends WebAuthnCredentialProvider { - public WebAuthnPasswordlessCredentialProvider(KeycloakSession session, CborConverter converter) { - super(session, converter); + public WebAuthnPasswordlessCredentialProvider(KeycloakSession session, ObjectConverter objectConverter) { + super(session, objectConverter); } @Override diff --git a/services/src/main/java/org/keycloak/credential/WebAuthnPasswordlessCredentialProviderFactory.java b/services/src/main/java/org/keycloak/credential/WebAuthnPasswordlessCredentialProviderFactory.java index c317567a41..f621455918 100644 --- a/services/src/main/java/org/keycloak/credential/WebAuthnPasswordlessCredentialProviderFactory.java +++ b/services/src/main/java/org/keycloak/credential/WebAuthnPasswordlessCredentialProviderFactory.java @@ -18,7 +18,7 @@ package org.keycloak.credential; -import com.webauthn4j.converter.util.CborConverter; +import com.webauthn4j.converter.util.ObjectConverter; import org.keycloak.common.Profile; import org.keycloak.models.KeycloakSession; import org.keycloak.provider.EnvironmentDependentProviderFactory; @@ -30,11 +30,11 @@ public class WebAuthnPasswordlessCredentialProviderFactory implements Credential public static final String PROVIDER_ID = "keycloak-webauthn-passwordless"; - private static CborConverter converter = new CborConverter(); + private static ObjectConverter objectConverter = new ObjectConverter(); @Override public CredentialProvider create(KeycloakSession session) { - return new WebAuthnPasswordlessCredentialProvider(session, converter); + return new WebAuthnPasswordlessCredentialProvider(session, objectConverter); } @Override