We are trying to add authentication via Yubico FIDO U2F Security Key to our admin website. This works in Firefox with the U2F add-on installed, but in Chrome signing a challenge (using JavaScript) to log in keeps returning {errorCode: 4}.
Does anyone know why that might be happening or how I can debug what is going wrong?
Thanks in advance.
Details
Our website is made in Java with the ZK Framework. On the server side we use the java-u2flib-server library. We sign the requests on the client side using JavaScript in the zul files, using the high-level API functions u2f.register and u2f.sign.
Registration
To register a key, the user first enters name and password and submits. The server creates the RegistrationData and goes to a second page. There, we use the JavaScript function u2f.register. In the callback we send the response with the DeviceRegistration to the server.
This works both in Firefox and Chrome.
Authentication/login
The login is done similarly. When submitting the first page, the server gives the DeviceRegistration JSON and a challenge to a second page. The page uses u2f.sign and sends the DeviceResponse to the server in the callback.
This works in Firefox, but in Chrome u2f.sign keeps returning {errorCode: 4}.
According to the documentation, this means the device does not know the received DeviceRegistration, but that seems unlikely since the same code works in Firefox and I checked that they receive the same JSON from the server.
Error code 4 - DEVICE_INELIGIBLE -
The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle.
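One way to narrow down a DEVICE_INELIGIBLE result on sign, as an added example that is not part of the original post or of java-u2flib-server: compare what the page is about to hand to u2f.sign with the record stored at registration, since a token only recognises a key handle presented exactly as issued and under the same appId. The function names, the record shape ({version, appId, keyHandle}) and the sample values are assumptions constructed for illustration.

```javascript
// U2F JavaScript API error codes (FIDO U2F specification).
const U2F_ERRORS = {
  1: 'OTHER_ERROR', 2: 'BAD_REQUEST', 3: 'CONFIGURATION_UNSUPPORTED',
  4: 'DEVICE_INELIGIBLE', 5: 'TIMEOUT',
};

// Name the outcome of a u2f.register / u2f.sign callback for logging.
function errorName(response) {
  if (!response || !response.errorCode) return 'OK';
  return U2F_ERRORS[response.errorCode] || `UNKNOWN_${response.errorCode}`;
}

// Normalise any base64 variant to unpadded websafe form, for comparison only.
function toWebsafe(b64) {
  return String(b64).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Compare the outgoing sign request with the stored registration (hypothetical
// record shape) and list every difference a token could reject.
function checkSignRequest(request, registered) {
  const problems = [];
  if (request.version !== registered.version) problems.push('version mismatch');
  if (request.appId !== registered.appId) {
    problems.push('appId differs from the one used at registration');
  }
  if (request.keyHandle !== registered.keyHandle) {
    const sameBytes = toWebsafe(request.keyHandle) === toWebsafe(registered.keyHandle);
    problems.push(sameBytes
      ? 'keyHandle was re-encoded (padding or +/ alphabet)'
      : 'keyHandle is not the registered one');
  }
  if (!/^[A-Za-z0-9_-]+$/.test(String(request.keyHandle))) {
    problems.push('keyHandle is not unpadded websafe base64');
  }
  return problems;
}

// Constructed sample data, not taken from the post.
const SAMPLE_REGISTERED = {
  version: 'U2F_V2',
  appId: 'https://admin.example.test',
  keyHandle: 'q83vEjRWeJ_-AAEC',
};
const SAMPLE_REENCODED = { ...SAMPLE_REGISTERED, keyHandle: 'q83vEjRWeJ/+AAEC' };
const SAMPLE_OTHER_APPID = { ...SAMPLE_REGISTERED, appId: 'https://admin.example.test:8443' };
```

Logging the result of checkSignRequest next to errorName(response) in the u2f.sign callback, in both browsers, shows whether the two browsers were really given identical requests.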