Title here
Summary here
WebAuthn
Configuration
This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options.
The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.
webauthn:
disable: false
display_name: 'Authelia'
attestation_conveyance_preference: 'indirect'
user_verification: 'preferred'
timeout: '60s'Options
This section describes the individual configuration options.
disable
boolean
false
not required
This disables WebAuthn if set to true.
display_name
string
Authelia
not required
Sets the display name which is sent to the client to be displayed. It’s up to individual browsers and potentially individual operating systems if and how they display this information.
See the W3C WebAuthn Documentation for more information.
attestation_conveyance_preference
string
indirect
not required
Sets the conveyance preference. Conveyancing allows collection of attestation statements about the authenticator such as the AAGUID. The AAGUID indicates the model of the device.
See the W3C WebAuthn Documentation for more information.
Available Options:
| Value | Description |
|---|---|
| none | The client will be instructed not to perform conveyancing |
| indirect | The client will be instructed to perform conveyancing but the client can choose how to do this including using a third party anonymization CA |
| direct | The client will be instructed to perform conveyancing with an attestation statement directly signed by the device |
user_verification
string
preferred
not required
Sets the user verification preference.
See the W3C WebAuthn Documentation for more information.
Available Options:
| Value | Description |
|---|---|
| discouraged | The client will be discouraged from asking for user verification |
| preferred | The client if compliant will ask the user for verification if the device supports it |
| required | The client will ask the user for verification or will fail if the device does not support verification |
timeout
Reference Note: This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.
This adjusts the requested timeout for a WebAuthn interaction.
Frequently Asked Questions
See the Security Key FAQ for the FAQ.
Next
Security