We upgraded our Signing Keys but after the upgrade the FIDO Authentication is failing for all users.
VIP AuthHub - 2.2.2
The Mobile SDK caches the JWKS API response, so when the certificate is renewed the SDK is not updated with the latest keys.
For PASSWORD + OTP/MFA flows it works fine, because in these flows the mobile SDK calls the /jwk endpoint, but during the FIDO flow that call is missing.
Broadcom is going to fix this cache-policy configuration for the /jwks call in the AuthHub SDKs (iOS and Android) in an upcoming release.
As a workaround on existing releases, you can override the response header "Cache-Control" with the value "no-store" for the /jwks API, which forces Android and iOS not to cache the response and to fetch it on every call.
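One way to confirm the override is in place before retesting FIDO logins, as an added example that is not Broadcom's code: the function below reads the response headers of the /jwks call on stdin and succeeds only if the final response carries `no-store`. The function name and the sample headers are constructed for illustration, and the URL in the comment is a placeholder for your own AuthHub /jwks endpoint.

```shell
# Added example (not from the AuthHub product or SDK).
# Reads HTTP response headers on stdin; returns 0 when the final response
# carries Cache-Control: no-store, 1 otherwise.
# Typical use (placeholder URL, substitute your own /jwks endpoint):
#   curl -s -o /dev/null -D - "https://<authhub-host>/<path-to>/jwks" | jwks_no_store_check
jwks_no_store_check() {
  awk '
    { sub(/\r$/, "") }                 # curl prints CRLF line endings
    /^HTTP\// { found = 0; next }      # new status line (e.g. after a redirect): start over
    {
      colon = index($0, ":")
      if (colon == 0) next             # blank line or not a header
      # Header names are case-insensitive
      if (tolower(substr($0, 1, colon - 1)) != "cache-control") next
      # Directives are a comma-separated, case-insensitive list
      n = split(tolower(substr($0, colon + 1)), d, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", d[i])
        if (d[i] == "no-store") found = 1
      }
    }
    END { exit (found ? 0 : 1) }
  '
}

# Constructed sample headers (not captured from a real deployment).
# Before the workaround: the response is cacheable by the mobile HTTP stack.
SAMPLE_CACHED=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nCache-Control: public, max-age=3600\r\n\r\n')
# After the workaround: the header has been overridden with no-store.
SAMPLE_FIXED=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\ncache-control: No-Store\r\n\r\n')
```

Run the check against every external route that serves /jwks to mobile clients, since the override only helps if it is applied on the path the SDK actually calls.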