XiTatiON

Results 30 comments of XiTatiON

Also keen to throw my support behind this feature. Happy to help test it as it's developed if required. Use case is I run Kanidm and Cloudflare Tunnel, user experience...

> Can you reproduce on https://webauthn.firstyear.id.au/

This one worked fine. See attached screenshots.

![Screenshot 2023-11-30 130706](https://github.com/kanidm/kanidm/assets/1818975/b7ebbc65-d79d-432c-ac4b-e45906055f97)
![Screenshot 2023-11-30 130820](https://github.com/kanidm/kanidm/assets/1818975/026ab63f-56bd-4ca5-877b-7c0ccbf014fc)
![Screenshot 2023-11-30 130855](https://github.com/kanidm/kanidm/assets/1818975/fe466c8b-2854-49d2-a8bf-83f0747e4279)
![Screenshot 2023-11-30 130611](https://github.com/kanidm/kanidm/assets/1818975/6a65611e-d208-4f23-8aed-452be418e17e)
![Screenshot 2023-11-30 130635](https://github.com/kanidm/kanidm/assets/1818975/f0953228-e945-4f05-97f4-b99bbaa13a35)

> Also please try https://webauthn.io/?regUserVerification=preferred&attestation=none&attachment=all&algES256=true&algRS256=true&discoverableCredential=discouraged&authUserVerification=preferred
>
> Note that I have pre-configured that link to not damage your keys.

This one also appears to work fine. See attached screenshots. ![Screenshot...

OK, I've found another piece to this puzzle. My password manager "Keeper" has a browser plugin, and they have recently added a "Passkeys" aspect to it. I usually just cancel on...

> There are some minor fixes to webauthn flows in webauthn-rs since the release. I have updated the maintenance branch and I am preparing updated containers now. I'll let you...

I've pinged Keeper too; it would be nice if you could disable the WebAuthn / Passkey enrolment for all sites or on a per-URL basis. Don't like the idea of...

> Passkeys are "self contained multifactor authentication". Keeper should be asking you for user verification each time to proceed.

Good point, and I assume it likely would ask for a...

> Unrelated, but if you use YubiKeys, you should be aware of https://fy.blackhats.net.au/blog/2023-02-02-how-hype-will-turn-your-security-key-into-junk/
>
> Kanidm does the right thing here, but other sites don't so watch out.

This is...

> Can you confirm your rp-id and origins are correct? Should be the domain name and origin values in the server.toml.
>
> I'm looking at the code and both...

Certs are all Let's Encrypt wildcards for the domain it's hosted on. I have it set up with Split DNS for internal / external access. I use Cloudflare Tunnel for external...