psPAS icon indicating copy to clipboard operation
psPAS copied to clipboard
verified publisher icon pspete

Add FIDO2 authentication support and related tests

Open johannesconsulting opened this issue 4 months ago • 1 comments

Description

By adding support for FIDO2 during authentication, we should be able to add support for FIDO2 registration too later. I have only tested this using physical YubiKey, I have not tested Windows Hello! WHfB was added with 14.6.

This pull request adds support for FIDO2/WebAuthn hardware security key authentication to the New-PASSession command and adds a utility for decoding Base64Url strings.

  • Added support for FIDO2 authentication to New-PASSession, including a new UserName parameter and validation to ensure it is required when using -type FIDO2. The authentication workflow calls Invoke-FIDO2Authentication when type is set to FIDO2.
  • Introduced ConvertFrom-Base64UrlString for converting Base64Url-encoded strings to byte arrays, supporting FIDO2/WebAuthn workflows.
  • Added DSInternals.Win32.WebAuthn.dll and its license.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that makes existing functionality work differently)
  • [x] Documentation update (psPAS website or command help content)
  • [ ] Other (see description)

How Has This Been Tested?

  • [ ] Pester test(s) update required
  • [x] Pester test(s) updated
  • [ ] Pester test(s) passing

Test Configuration:

  • PowerShell version: 7
  • CyberArk PAS version: 14.6
  • OS Version: Windows 11

Checklist:

  • [x] My code follows the style guidelines of this project
  • [x] I have followed the contributing guidelines.
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [x] I have made corresponding changes to the documentation
  • [ ] My changes generate no new test failures or errors
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [x] New and existing unit tests pass locally with my changes
  • [ ] I have opened & linked a related issue
  • [ ] I have linked a related issue

johannesconsulting avatar Oct 05 '25 14:10 johannesconsulting

This is great @johannesconsulting - will be checking it out & how to include it 👍

pspete avatar Oct 07 '25 20:10 pspete