FIDO2 / WebAuthn Support not OS independent
Categories
(Core :: DOM: Web Authentication, defect, P2)
Tracking
()
People
(Reporter: b.lambertz, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Steps to reproduce:
Tried to add FIDO2 security key as MFA device for Microsoft Login:
- visit https://aka.ms/mysecurityinfo
- login
- Trying to add security key results in error (see actual results)
- Tested with Firefox 91.8.0esr and 99.0.1
- OS: Windows 10 Enterprise LTSC 2019 (1809)
Actual results:
Error message: We detected that this browser or OS doesn't support FIDO2 security keys.
Expected results:
Registration process for FIDO2 Key should start.
Windows 10 LTSC 2019 does not fully support FIDO2 keys, but that is not necessary for a browser to implement WebAuthn, as it works on the same host in Microsoft Edge and Google Chrome.
Comment 1•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Web Authentication' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 2•2 years ago
|
||
Just to be clear, the error message is a message from the website, correct? Not an actual Firefox dialog?
Reporter | ||
Comment 3•2 years ago
|
||
Correct, it is a message from Microsoft: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-deployment#troubleshoot-security-key-sign-in
Reporter | ||
Comment 4•2 years ago
|
||
- Tested with Yubikey 5C NFC und Yubikey 5 Bio
- registration works on Windows 10 21H2 in Firefox 100 and 91.7.0esr
- according to WebAuthn Specifications roaming authenticators can also work without OS interaction: https://www.w3.org/TR/webauthn-2/#sctn-other-configurations
Updated•2 years ago
|
Updated•2 years ago
|
Comment 6•2 years ago
|
||
We're seeing this impacting our rollout of FIDO2 keys in our environment, on macOS and Ubuntu as well.
When presented with a authentication prompt, using a FIDO2 key does not work except in OTP generation.
Updated•2 years ago
|
Updated•1 year ago
|
Description
•