We are currently using the Keycloak 12.0.0 passwordless login/authentication feature backed by W3C Web Authentication (WebAuthn for passwordless authentication).
We have bootstrapped an Identity Server using the same Authentication/Authorization provider, catering to iOS/Android devices.
I am able to customize the authentication flow (through the Keycloak admin console). Using Keycloak's "JavaScript adapter" we are able to log in on our Android app (using Chrome Custom Tabs, with fingerprint/device PIN). WebAuthn works great.
But on iOS 14 on Safari v14 it did not work as expected. screenshot
Here are screenshots of my configuration:
Authentication flows:
Authentication passwordless policy
The same works on Mac (macOS Big Sur 11.2.3) when run on Google Chrome but not on Safari v14.0.2 Screenshot
On October 19, 2020, Apple posted an explanation of their take on WebAuthn, stating that Safari 14 would support biometric authentication via FIDO2 WebAuthn:
Meet Face ID and Touch ID for the web
Followed the Keycloak docs for WebAuthn setup/configuration: Keycloak WebAuthn
Demo site for WebAuthn: site