Keycloak 9 :: Help with WebAuthN Confusion (updated with images showing the problem)

Hello everyone,

I have setup WebAuthN according to the docs: https://www.keycloak.org/docs/latest/server_admin/#_webauthn

If I have it set as required, it works as expected. User is forced to register a key and then forced to use it when they login. But there is no where on the account page to manage their keys for me. I figured just like with OTP, a user could add their keys and manage them.

I plan on using WebAuthN in mixed mode with OTP so upon registration adding a key isn’t required. But after registration since there is nothing on the account page to let a user manage their keys I am a bit confused and stuck.

Thanks for any help.

Hello everyone,

I wanted to add some more information that might help show my problem better.

This is how I currently have it setup:

And since this user has a security key from when I had it set to required, upon logging in I do get prompted to use it and everything works fine. However, there is no way for me as a user to manage it so if it wasn’t set to required I would have no way to add one. This is what my user sees for account management:

Thanks again for taking the time to help me with this.

P.S. Sorry for all the replies, apparently a new user can only add one image to a post.

Does anyone know if this is the intended behavior or not? Is this something I should open a bug for? Can anyone confirm if your users have the ability to manage their security keys?

Thanks

Hi,

First I suggest to update to latest Keycloak 9.0.2 version.

Then one thing to note is, that the account console you’re pointing will
be replaced with the new account console. The old account console
doesn’t have any support for WebAuthn as we rather focus on adding new
features to the new account console.

New account console however is not enabled by default. I think you need
to enable some features like Account REST API and Account console (See
Server Installation Guide for more details) and possibly do some other
steps. Not sure if they are documented somewhere as this is still quite
experimental.

Marek