Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
Hello,
I am having an issue setting up MFA with YubiKey.
I followed this guide to get a client ID and API Key and was able to enable this feature: Passbolt Help | How to configure passbolt to use Yubikey OTP
However when a user tries to enable his YubiKey he gets the error “This OTP is not valid.”
Using the Yubico website to validate the OTP works and validate it: Yubico demo website
The server is using NTP and have the correct time.
Using tcpdump on the Passbolt server, I do not see any request going out to the Yubico servers when trying to validate the OTP.
The server is able to reach the api*.yubico.com urls.
Server is running RedHat 9.1
Passbolt-CE is version 3.12.0-2
PHP 8.1.17-1.el9 (remi repos)
There is nothing logged in /var/log/passbolt when validating the OTP
Not sur it is related, but I have the following error in the javascript console: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
I tried changing web brower or clearing cache but I always have the same error.
Does anyone have an idea of what is causing this issue?