Supporting Discoverable Credentials

Hello all together,

we are currently setting up privacyIDEA with a focus on WebAuthn. During the configuration I was wondering if there are any plans to support usernameless authentication. In detail, we would like to use Explainer: WebAuthn Conditional UI · w3c/webauthn Wiki · GitHub. I already started digging into the source code and recognized that this would be a pretty large change. Besides extending the registration of tokens, usernameless verification must be implemented. At the time of writing this would be a completely new flow/aspect. We have some staff to implement possible changes, but we are unsure whether such behavior is desirable in principle.

Kind regards
Flo

Hi Flo,
welcome to privacyIDEA.

Yes, it is. See:

Oops, we added this to Milestone 3.9.
This could™ be a bit optimistic.

This needs a more generic concept (I currently do not find the issue/wiki entry)

There are also plans to enhance smartcard authentication in a way to authenticate with challenge/response by simply scanning a QR code, without the need to previously enter a username or a password.

This requires

  • challenge response DB table to work without a reference to a user or serial number
  • additional API endpoint and workflow
  • a tokenclass attribute, which tokens are capable of supporting this workflow
  • tokenclass methods.

to name the least.

Great! Thanks for the response and the link to the GitHub Issue. As already mentioned we (the Munich University of Applied Sciences) would be able to invest some time to implement some features or solutions. If you have concrete ideas about which functions need to be implemented, we are happy to undertake individual parts.

Hi,
I’ve searched in the privacyIDEA 3.9 documents and found nothing about resident credentials for FIDO2 username-less authentication. I wonder if this feature is implemented in the latest version of privacyIDEA, or is there any plan?

Thank you in advance
Hassan

Search the GitHub repository!

Thank you very much.