cgeorgilakis
commented
3 years ago In order to use WebAuthN admin user must add Webauthn Register Passwordless or Webauthn Register as enabled Required actions in the authedication. Admin user can require a User have Webauthn Register Passwordless or Webauthn Register or this can be done via a workflow ( fe in a IdP in first login process to require add a Webauthn Register Passwordless or Webauthn Register).
User can configure his WebAuthn with following manners:
- security key with USB (only this available in pc browser)
- security key with Bluetooth
- security key with NFC
- using his mobile phone closing screen. In my mobile phone it asks for fingerprint.
In a authedication flow if you add WebAuthn Authenticator, user must/should add hiw configured WebAuthn Authenticator f.e. fingerprint.
Problems exists for User that are login via IdPs.
Keycloak supports WebAuthN. Documentation : https://www.keycloak.org/docs/latest/server_admin/index.html#_webauthn .
Their general comment is : Keycloak provides the limited support for W3C Web Authentication (WebAuthn). Keycloak works as a WebAuthn’s Relying Party (RP). Please note that WebAuthn support is still in development and not yet complete, so we recommend that you use this feature experimentally. Also, this support’s specification and user interfaces may change.