Hi,
I want to use my FIDO2 key as logon option in Azure AD.
According to these release note:
https://www.nitrokey.com/news/2020/nitrokey-fido2-firmware-20-update
the actual firmware should support “AAGUID”, which I need for unlocking the Nitrokey FIDO2 keys in Azure AD, because only certain key types should be allowed (Restrict specific keys).
I could not find any docs like for the YubiKeys in your forum, Q&A, …
Thanks and BR SteCee
Right, we need to publish such information more obvious. Our AAGUID is 04 10 C3 9E FB A6 FC F4 4C 3E 82 8B FC 4A 61 15 A0 FF
Hi Jan,
thank you for your support.
The AAGUID to be entered in Azure and for YubiKey communicated is like described here:
The error message is:
The input must be in a valid Guid format. Example: 12345678-0000-0000-0000-123456780000
The Nitrokey is 4-CHAR longer than these other AAGUIDs (here: A0 FF).
It should be a 128-bit identifier.
Thanks
Hi!
Sorry for the confusion. The pasted AAGUID is encoded in the DER format, where the first two bytes mean type and length of the data respectively. The actual AAGUID is:
C3 9E FB A6 FC F4 4C 3E 82 8B FC 4A 61 15 A0 FF, orc39efba6-fcf4-4c3e-828b-fc4a6115a0ffAnd this is what is returned to the host on the query.
Source code.