Passkey Support

[wermuthy]

Describe the Bug We are in the process of deploying a 2FA Solution with Passkeys. This is important to ensure account security. When we try to authenticate the user in SafeExamBrowser the authentification is not possible. Normally the browser should call Windows Hello to authenticate the user.

Sometimes, but not always the Windows Hello Prompt opens in the background and is visible when closing SafeExamBrowser.

Is there a way to enable Passkeys in SafeExamBrowser?

Steps to Reproduce Steps to reproduce the behavior:

1. Configure SafeExamBrowser to open https://webauthn.io/
2. Try registering or login
3. No Windows Hello Popup

Expected Behavior The user should be able to authenticate themselves with Windows Hello.

Version Information

• OS: Windows 10 Enterprise (Version 21H2)
• SEB-Version 3.5.0 and
• OS: Windows 11 Pro (Version 22H2)
• SEB-Version 3.7.0

Logs: 2024-06-18_11h25m52s_Browser.log 2024-06-18_11h25m52s_Client.log 2024-06-18_11h25m52s_Runtime.log 2024-06-18_11h25m52s_Service.log

[dbuechel]

You should be able to do so by allowing the required application as permitted third-party application in the SEB configuration (see https://safeexambrowser.org/windows/win_usermanual_en.html#ApplicationsPane). According to the log, you might simply need to allow the following application:

2024-06-18 11:26:06.408 [24] - DEBUG: [ApplicationMonitor] Process 'CredentialUIBroker.exe' (9632) has been started [Original Name: 'CredentialUIBroker.exe', Path: 'C:\Windows\System32\CredentialUIBroker.exe', Signature: bbd2c438000344f439bfdfe5abac3223357cd67f].

[wermuthy]

I tried adding 'CredentialUIBroker.exe' to the permitted applications. I saw that the camera got activated like before but there still is no Windows Hello Popup.

New Logs: 2024-06-19_11h15m45s_Service.log 2024-06-19_11h15m45s_Browser.log 2024-06-19_11h15m45s_Client.log 2024-06-19_11h15m45s_Runtime.log

[dbuechel]

The application seems to be configured and started correctly:

2024-06-19 11:16:00.952 [39] - DEBUG: [ApplicationMonitor] Process 'CredentialUIBroker.exe' (13104) has been started [Original Name: 'CredentialUIBroker.exe', Path: 'C:\Windows\System32\CredentialUIBroker.exe', Signature: bbd2c438000344f439bfdfe5abac3223357cd67f].
2024-06-19 11:16:00.952 [39] - DEBUG: [ApplicationMonitor] Detected start of whitelisted application instance 'CredentialUIBroker.exe' (13104).
2024-06-19 11:16:00.952 [34] - INFO: [CredentialUIBroker] New application instance was started.
2024-06-19 11:16:00.952 [34] - DEBUG: [Process 'CredentialUIBroker.exe' (13104)] Initialized termination event.
2024-06-19 11:16:00.952 [34] - INFO: [CredentialUIBroker (13104)] Initialized application instance.

Is that an UWP application? If yes, then it unfortunately won't work with SEB, as UWP applications are incompatible with the kiosk modes of SEB.

[wermuthy]

Windows Hello is a system component so therefore i believe it isn't an UWP application. It's probably part of the Windows Security Center, but there is no information online.

[github-actions[bot]]

This issue is stale because it has been open for 28 days with no activity. It will soon be closed automatically if there are no updates.

[strau0106]

This has been discussed in a few issues before, quite annoying.

I'd recommend to try and move the MS authentication out of seb. What LMS are you using? It would make it easier for the students as well as they wouldn't need to login as often.

[wermuthy]

We are using Moodle. The Problem is, that the authentication window appears as soon as the user tries to login to Moodle. I wouldn't have a idea how i could move the authentication out of seb.

[strau0106]

currently being tracked under #703 if i am not mistaken

[github-actions[bot]]

This issue is stale because it has been open for 28 days with no activity. It will soon be closed automatically if there are no updates.

[github-actions[bot]]

This issue was closed because it has been inactive for 14 days since being marked as stale.