When using FIDO2 tokens (WebAuthn), we get the "Credential could not be verified." message.


The SurePassID API Server returns the message "Credential could not be verified." when token credentials fail the initial pre-check phase prior to user authentication using WebAuthn algorithms. This response indicates that the authentication process was unable to establish the validity of the presented credentials.

This issue is most commonly attributable to configuration errors within the environment. For environments leveraging WLM, it is critical to ensure that the FIDO2 Origin setting precisely matches the rpId value specified in the FIDO section of the API Server’s appsettings.json configuration file. Any mismatch between these settings will prevent successful credential verification and disrupt the authentication flow. For details, refer to the article below:

Setting the correct RPID

If you have validated all configuration parameters within appsettings.json and confirmed that values such as Origin and rpId are correct, but the issue persists, further investigation is needed. At this point, consult the server logs—specifically, the mfa-server.log file located in the API Server’s root directory. The log will contain detailed diagnostic information, including event records, error traces, and contextual messages, enabling you to identify the root cause of the pre-authentication failure.

For comprehensive guidance on interpreting log output and optimizing logging settings, refer to the article linked below.

How do I turn logging on for Fido2

This resource covers all aspects of SurePassID logging, including enabling log output, adjusting verbosity, and integrating with SIEM or SOAR platforms for advanced monitoring and incident response.
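
When the configuration looks correct but verification still fails, the rpId binding of a failing sign-in can be checked offline. The following is an added example, not SurePassID code: it applies the two rpId bindings defined by the WebAuthn specification (the `origin` recorded in clientDataJSON and the SHA-256 `rpIdHash` that opens authenticatorData) to the rpId you have configured. The function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import json
from urllib.parse import urlsplit


def b64url_decode(text):
    """Decode unpadded base64url, the encoding WebAuthn uses on the wire."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_rp_binding(configured_rp_id, client_data_b64, auth_data_b64):
    """Return rpId-related mismatches in one assertion (empty list = consistent)."""
    findings = []
    client_data = json.loads(b64url_decode(client_data_b64))
    auth_data = b64url_decode(auth_data_b64)

    # The browser records the page origin; its host must equal the rpId
    # or be a subdomain of it.
    host = urlsplit(client_data.get("origin", "")).hostname or ""
    if host != configured_rp_id and not host.endswith("." + configured_rp_id):
        findings.append("origin-outside-rpid")

    # The authenticator signs over SHA-256(rpId): first 32 bytes of authenticatorData.
    if auth_data[:32] != hashlib.sha256(configured_rp_id.encode("utf-8")).digest():
        findings.append("rpidhash-mismatch")
    return findings


def make_sample(origin, rp_id):
    """Build a constructed (not captured) assertion pair for the demo below."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": "Y29uc3RydWN0ZWQ", "origin": origin}
    ).encode()
    # rpIdHash (32 bytes) + flags (user present) + signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return b64url_encode(client_data), b64url_encode(auth_data)


if __name__ == "__main__":
    cd, ad = make_sample("https://login.example.test", "login.example.test")
    for rp_id in ("login.example.test", "example.test", "other.test"):
        print(rp_id, check_rp_binding(rp_id, cd, ad) or "consistent")
```

The `clientDataJSON` and `authenticatorData` inputs are the base64url fields of the assertion response the browser posts during sign-in.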

 

 
