WebAuthn

WebAuthn is the modern browser security key specification that Authelia supports. This section describes configuring it.

Configuration

webauthn:
  disable: false
  display_name: Authelia
  attestation_conveyance_preference: indirect
  user_verification: preferred
  timeout: 60s

Options

This section describes the individual configuration options.

disable

boolean false not required

This disables WebAuthn if set to true.

display_name

string Authelia not required

Sets the display name which is sent to the client to be displayed. It’s up to individual browsers and potentially individual operating systems if and how they display this information.

See the W3C WebAuthn Documentation for more information.

attestation_conveyance_preference

string indirect not required

Sets the conveyance preference. Conveyancing allows collection of attestation statements about the authenticator such as the AAGUID. The AAGUID indicates the model of the device.

See the W3C WebAuthn Documentation for more information.

Available Options:

ValueDescription
noneThe client will be instructed not to perform conveyancing
indirectThe client will be instructed to perform conveyancing but the client can choose how to do this including using a third party anonymization CA
directThe client will be instructed to perform conveyancing with an attestation statement directly signed by the device

user_verification

string preferred not required

Sets the user verification preference.

See the W3C WebAuthn Documentation for more information.

Available Options:

ValueDescription
discouragedThe client will be discouraged from asking for user verification
preferredThe client if compliant will ask the user for verification if the device supports it
requiredThe client will ask the user for verification or will fail if the device does not support verification

timeout

duration 60s not required

Note: This setting uses the duration notation format. Please see the common options documentation for information on this format.

This adjusts the requested timeout for a WebAuthn interaction.

FAQ

See the Security Key FAQ for the FAQ.