Supporting Discoverable Credentials

Hello all together,

we are currently setting up PrivacyIdea with focus to WebAuthN. During the configuration I was wondering if there are any plans to support Usernameless Authentication. In detail we would like to use Explainer: WebAuthn Conditional UI · w3c/webauthn Wiki · GitHub. I allready started digging into the source code and recognized that this would be a pretty large change. Beside extending the registration of Tokens, usernameless verification must be implemented. At the time of writing this would be a complete new flow/aspect. We have some staff to implement possible changes, but we are unsure whether such behavior is desirable in principle.

Kind regards

Hi Flo,
welcome to privacyIDEA.

Yes, it is. See:

Oups, we added this to Milestone 3.9.
This could™ be a bit optimistic.

This needs a more generic concept (I currently do not find the issue/wiki entry)

There are also plans to enhance smartcard authentication in a way to authenticate with challenge/response by simply scanning a QR code, without the need to previously enter a username or a password.

This requires

  • challenge response DB table to work without a reference to a user or serial number
  • additional API endpoint and workflow
  • a tokenclass attribute, which tokens are capable of supporting this workflow
  • tokenclass methods.

to name the least.

Great! Thanks for the response and the link to the GitHub Issue. As already mentioned we (the Munich University of Applied Sciences) would be able to invest some time to implement some features or solutions. If you have concrete ideas about which functions need to be implemented, we are happy to undertake individual parts.