Question
Is it possible to use WebAuthn passwordless authentication in UCS?
Answer
Yes, it is possible to use WebAuthn for passwordless authentication in UCS with Keycloak >=26.4. However, please note that this currently requires the “Import Users” setting to be enabled within your LDAP federation settings, which changes the ID of the users.
The steps for an example setup are:
- In Authentication → Required Actions: Check the box for “Webauthn Register Passwordless” under “Set as default action”.
- In User Federation → ldap-provider → Synchronization Settings: Check the box for “Import Users”.
- In Authentication → Flows: Duplicate the “browser” Flow and modify it to include the “Webauthn Passwordless Authenticator”, then bind this to the “Browser Flow”. For information about flow creation and another example, please take a look at the Keycloak documentation.
- In Users: Delete the users who wish to register passwordless.
- Log in with a user and, after successful login, complete the WebAuthn registration.
If you don’t want to activate “Import Users”, please follow our feature request and look out for any changes there.
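To confirm that the three settings from the steps above are actually in place, a realm export can be checked offline. The following is an added example, not part of the original article or of UCS; it assumes the JSON layout of a Keycloak realm export, and the flow aliases in the sample data are constructed.

```python
ACTION = "webauthn-register-passwordless"              # required-action alias
AUTHENTICATOR = "webauthn-authenticator-passwordless"  # authenticator provider id
def flow_has(realm, alias, provider_id, seen=None):
    """True if the flow (or a nested subflow) has a non-disabled execution of provider_id."""
    seen = set() if seen is None else seen
    if alias in seen:
        return False
    seen.add(alias)
    flows = {f["alias"]: f for f in realm.get("authenticationFlows", [])}
    for ex in flows.get(alias, {}).get("authenticationExecutions", []):
        if ex.get("requirement") == "DISABLED":
            continue
        if ex.get("authenticator") == provider_id:
            return True
        if ex.get("flowAlias") and flow_has(realm, ex["flowAlias"], provider_id, seen):
            return True
    return False

def check_realm(realm):
    """Return findings; an empty list means the settings from the steps are in place."""
    findings = []
    action = {a["alias"]: a for a in realm.get("requiredActions", [])}.get(ACTION, {})
    if not (action.get("enabled") and action.get("defaultAction")):
        findings.append("required action is not set as default action")
    storage = realm.get("components", {}).get("org.keycloak.storage.UserStorageProvider", [])
    ldap = [p for p in storage if p.get("providerId") == "ldap"]
    if not ldap or any(p.get("config", {}).get("importEnabled") != ["true"] for p in ldap):
        findings.append("Import Users is not enabled on the LDAP federation")
    bound = realm.get("browserFlow", "browser")
    if not flow_has(realm, bound, AUTHENTICATOR):
        findings.append(f"bound browser flow {bound!r} lacks the passwordless authenticator")
    return findings

# Constructed sample export; the flow aliases are made up for illustration.
SAMPLE = {
    "browserFlow": "browser-passwordless",
    "requiredActions": [{"alias": ACTION, "enabled": True, "defaultAction": True}],
    "components": {"org.keycloak.storage.UserStorageProvider": [
        {"name": "ldap-provider", "providerId": "ldap", "config": {"importEnabled": ["true"]}}]},
    "authenticationFlows": [
        {"alias": "browser-passwordless", "authenticationExecutions": [
            {"authenticator": "auth-cookie", "requirement": "ALTERNATIVE"},
            {"flowAlias": "browser-passwordless forms", "requirement": "ALTERNATIVE"}]},
        {"alias": "browser-passwordless forms", "authenticationExecutions": [
            {"authenticator": AUTHENTICATOR, "requirement": "REQUIRED"}]}],
}
if __name__ == "__main__":
    print(check_realm(SAMPLE) or "realm export matches the steps")
```

A common miss this catches is a duplicated flow that contains the authenticator while the realm is still bound to the original “browser” flow.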





