Using U2F Keys with non-Chome browsers or Linux
The following notes are largely plagiarized, based on information provided by a clever person in OIT.
You may need to make a special configuration to make U2F keys work with Duo using browsers other than Chrome, or under Linux.
Changing the User Agent String for Firefox, Vivaldi, Opera
You need a plugin called: “Custom UserAgent String” for your browser.
- Chrome-based browsers (e.g., Chromium, Vivaldi): http://mybrowseraddon.com/custom-useragent-string.html
- FireFox at: https://addons.mozilla.org/en-US/firefox/addon/custom-useragent-string/
- Opera at: https://addons.opera.com/en/extensions/details/custom-useragent-string/
Once you have it installed, you just have to set a trigger URL. For the trigger, you want:
https://shib.ncsu.edu/idp/profile/SAML2/Redirect
To return the browser string of:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.1
Linux Configuration
(1) Make sure udev is set up so that your hidraw device is available.
You can do this by adding the information below to the u2f.rules file in the /etc/udev/rules.d directory. This is a device mapping file.
(This has been tried under RHEL but not Ubuntu, although it is believed to work similarly – if not you’ll need to check the mapping to custom rules for udev. )
#------------------/etc/udev/rules.d/u2f.rules------------------------------ # this udev file should be used with udev 188 and newer ACTION!="add|change", GOTO="u2f_end" # Yubico YubiKey KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess" # Happlink (formerly Plug-Up) Security KEY KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess" # Neowave Keydo and Keydo AES KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess" # Feitian ePass FIDO KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850", TAG+="uaccess" # JaCarta U2F KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101", TAG+="uaccess" # U2F Zero u2f KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10C4", ATTRS{idProduct}=="8ACF", TAG+="uaccess" LABEL="u2f_end" #------------------u2f.rules-----------------------------------
(2) Reboot
(3) Check with lsusb
You should see your device in a “lsusb” command:
Example:
[150] astaroth ~>lsusb ... Bus 003 Device 003: ID 096e:0880 Feitian Technologies, Inc.
Your device should match the 096e string as shown above.