Internet Identity in QubesOS

I was not able to get II working on GrapheneOS, so here is me trying it on QubesOS.

Operating System: QubesOS 4.2.4
Passkey used: Nitrokey 3A NFC (FIDO2)

Adding the QubesOS device to an existing II

I was able to add the QubesOS device to an existing II. It shows up when I log in on another device.
When I try to log in to II on my QubesOS device, I get this error:

When I try to log in to any app using II, I get this error:

“Something went wrong during authentication. Authenticating service was notified and you may close this page.”

Creating a new II on identity.ic0.app

Creating a new II worked. I was logged in and navigated the site.
After logout I was not able to get back in with the aforementioned errors (see above).

Creating a new II on id.ai

Creating an II worked, I put in my name and saw my device listed.
After logout I was somewhat able to get back in. It showed me the site, but my name and the devices were not visible anymore (see image in reply).

(If anyone has a link to an app that uses id.ai login, let me know, so I can test that.)

Login to id.ai:

This is strange… Do other applications in the Internet Computer work for you?

You can try logging into our Test App. Click on “Try the new sign-in experience” and it should open II and then redirect you back to the test app.

I tried several apps, like OpenChat, NNS and others. It always gives me the error:

“Something went wrong during authentication. Authenticating service was notified and you may close this page.”

The only exception is login to II itself, which gives me the error shown above.

I tried it on the beta. I have the same results as described above. I can create an II and it seems to work, but after logout and login I just get the error:

“Something went wrong during authentication. Authenticating service was notified and you may close this page.”

The authentication error means that there was a problem with the window post message. Maybe QubesOS blocks window post messages?

Regarding the error in II itself, do you know how to open the Dev Tools and check for errors there?

I’m not knowledgeable enough to troubleshoot the problem through the Dev Tools. It shows me several errors, like “POST” errors or “Uncaught (in promise) AgentCallError: Error while making call: Server returned an error:”. I can also expand these errors.

Do you want me to post the full console log here (or in DMs)?

I also tested the login on webauthn-io and it was successful.

Another interesting thing: When I log into II directly, it asks me if I want to add another device for security (“Add another device You only have one passkey attached to this identity…”). So it looks like the login worked. But when I click “Remind me later”, I just get the big 400 error shown above.

Yes, send me the full console.log in DM, thanks!

I don’t know about QubesOS, but based on what you are saying, I’d say that they are blocking the window post messages, which II needs to log in to any application.

I read something about QubesOS that it doesn’t allow transfer of data across Qubes, so, that must be why it’s blocked. Could you try different browsers as well?