cwchristerw
commented
1 month ago Related partially to #131 using general standard name instead of just Yubikey support. Comments talk about U2F because mentioned issue is from before the FIDO2 standard. FIDO2 Standard includes support for U2F standard.
Is your feature request related to a problem? Please describe. Currently I can't use FIDO2 Passkeys / WebAuthn for passwordless login or for multi-factor authentication.
Describe the solution you'd like I would like to use FIDO2 Passkeys for multi-factor authentication. I'm using Yubikey 5 nowadays and it would be nice to be able to use it when logging in. In future it would also be nice to be able to login using passkeys. It should support also software based passkeys and not be restricted to hardware based security keys.
My LDAP server is FreeIPA and it supports Passkeys partially (https://freeipa.readthedocs.io/en/latest/designs/passkeys.html) . It would be nice to be able to get possible passkey from LDAP during first login without MFA.
Describe alternatives you've considered Using currently available TOTP in Login MFA or using authentication methods that require authentication with TOTP. Using OIDC auth method that can require TOTP or Passkey during login.
Explain any additional use-cases Not included
Additional context Not included