Unsolved
7 Posts
0
933
Yubikey
Has anyone been able to get Yubikey 5 to work with wyse 3040s or 3000s?
Nothing we've tried so far has worked? It's like the USB redirect isn't working for them.
Thanks
Unsolved
7 Posts
0
933
Has anyone been able to get Yubikey 5 to work with wyse 3040s or 3000s?
Nothing we've tried so far has worked? It's like the USB redirect isn't working for them.
Thanks
Top
buffalobound
3 Apprentice
3 Apprentice
•
712 Posts
0
June 16th, 2023 06:00
What broker?
What version of ThinOS?
How are you trying to use it? Pre session auth, or browser in session?
Does it work in windows?
tclark77
7 Posts
0
June 16th, 2023 06:00
Broker: Horizon
ThinOS: 2303 (9.4.1141)
Use after logged into a Windows VM for 2FA to a web service
It works fine in physical Windows pcs
Someone said that the USB redirection was a Dell issue that's supposed to be fixed in the next ThinOS release this month.
I don't know if there's any truth to that.
It appears that USB redirection for the Yubikey 'smartcard' is not working. It lights up showing it has power but the remote VM windows never sees it.
buffalobound
3 Apprentice
3 Apprentice
•
712 Posts
0
June 16th, 2023 07:00
Force redirect should be able to send the key into the VDI Session.
Can you share a screenshot of your Force Redirect VID/PID and also your USB device list when plugging in the Yubikey?
FIDO pre session Auth to broker is a different story and requires broker client support. I know it is near for CWA, but Horizoin is lagging.
tclark77
7 Posts
0
June 16th, 2023 08:00
We had tired the following:
0x1050
0x0407
0x1050&0407
vid-1050_pid-0407
All kinds if variations of those.
And this device also
Was trying to get it to work with Peripheral Management USB redirection
and also under Sessions, Blast Session Settings, Include Vid\Pid USB Device redirection
So far nothing works.
tclark77
7 Posts
0
June 19th, 2023 08:00
Setting the yubikey to OTP only did nothing.
Still does not show on the remote Widnows VM via the thin clients.
buffalobound
3 Apprentice
3 Apprentice
•
712 Posts
0
June 19th, 2023 08:00
I am testing with pre release code for 2306 and I can get the OTP to generate using the test page. I installed the Yubikey manager software and it can see the device, but throws an error for OTP or FIDO2. I have tested with both Yubikey 4 and 5
I have reached out to a peer with VMware for feedback, and will share if I hear back.
buffalobound
3 Apprentice
3 Apprentice
•
712 Posts
0
June 19th, 2023 08:00
I have been trying to get this to work using the Windows Horizon client as a starting point and cant.
I am using the Yubikey Demo Site. https://demo.yubico.com/
OTP works, but WebAuth does not.
I tried the same under ThinOS and same behavior.
Perhaps we are running into a Horizon/Windows limitation?
https://www.reddit.com/r/yubikey/comments/p1ksmi/webauth_passthrough_to_vmware_horizon/
tclark77
7 Posts
0
June 19th, 2023 09:00
Junk.
Wish we hadn't bought these yubi things now.
Thanks for the info!
buffalobound
3 Apprentice
3 Apprentice
•
712 Posts
0
June 19th, 2023 09:00
Sounds like FIDO2 redirection for Horizon is coming to the Windows client in the next "couple of months" and Mac client probably 3-6 months after that. Since ThinOS uses the Linux client we will need to wait for official support from Horizon before forecasting support.