
Commit

Change WebAuthn config
1. The user verification for the registration is now configured with USER_VERIFICATION_REQUIREMENT_DISCOURAGED
   which should result in no need for PIN, same goes for authn
   verifications.
2. The attestation conveyance is reset to NONE, it was previously
   enabled to allow for vendor certificate based attestation.
MKodde committed Apr 16, 2024
1 parent 530294e commit 5729209
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions config/packages/webauthn.yaml
Expand Up @@ -16,14 +16,14 @@ webauthn:
authenticator_selection_criteria:
authenticator_attachment: !php/const Webauthn\AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE
require_resident_key: false
user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED
# this is needed for SURFsecureID as we want to whitelist authenticators by vendor/certification (default is none)
attestation_conveyance: !php/const Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT
user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
# this is no longer needed for SURFsecureID as we want to whitelist authenticators by vendor/certification (default is none)
attestation_conveyance: !php/const Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE
request_profiles:
default:
challenge_length: 64
timeout: 30000
user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED
user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED

metadata:
enabled: true
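
Review bot: The rewritten comment above `attestation_conveyance` contradicts the value it now documents. It reads "this is no longer needed for SURFsecureID as we want to whitelist authenticators by vendor/certification", yet with `ATTESTATION_CONVEYANCE_PREFERENCE_NONE` the relying party does not ask for an attestation statement, so there is nothing to match against a vendor or certification list. Suggest rewording the comment to say that vendor/certification whitelisting is no longer performed and that the default (none) is therefore used, or removing the comment entirely. The unchanged `metadata:` / `enabled: true` context lines below the hunk should be reviewed in the same change, since a metadata service is normally consulted to evaluate attestation and that input is now switched off. On `user_verification`, both the creation profile and the `default` request profile move from PREFERRED to DISCOURAGED; a short comment next to each stating that the token is now expected to prove possession only (no PIN or biometric) would keep that decision visible to whoever edits this file next.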