ZTrust Documentation

WebAuthn Policy


Last updated 11 months ago

In the WebAuthn Policy section, you can configure the policies for WebAuthn authentication.

These settings are utilized by the WebAuthn Register required action and the WebAuthn Authenticator authenticator.

This setup is commonly employed for implementing WebAuthn in two-factor authentication scenarios.

Relying Party Entity Name

This is the human-readable server name of the WebAuthn Relying Party.

This is a mandatory field and required for registering the WebAuthn authenticator.

The default setting is Keycloak.

Signature Algorithms

This setting tells the WebAuthn authenticator which signature algorithms to use for the Public Key Credential.

ZTrust relies on Public Key Credentials for signing and verifying Authentication Assertions.

You can choose the desired option from the dropdown menu.

If no algorithm is specified, ES256 is used by default.

This is an optional configuration item that applies to the registration of WebAuthn authenticators.

Relying Party ID

It refers to the ID of a WebAuthn Relying Party, which defines the scope of Public Key Credentials.

It should correspond to the effective domain of the origin.

This is an optional configuration that is applied during the registration of WebAuthn Authenticators.

Attestation Conveyance Preference

This setting communicates to the authenticator the preference for how an attestation statement is generated.

You can choose the desired option from the dropdown menu.

This is an optional configuration field that applies to the registration of WebAuthn authenticators.

Authenticator Attachment

This setting communicates to the authenticator which attachment pattern is acceptable.

You can select your preference between platform or cross-platform patterns from the dropdown menu.

This is an optional configuration item that applies to the registration of WebAuthn authenticators.

Require Resident Key

This setting instructs the authenticator whether or not to create the public key credential as a resident key.

This is an optional configuration item that applies to the registration of WebAuthn authenticators.

User Verification Requirement

This setting communicates to the authenticator whether it should confirm the verification of a user.

It's an optional configuration applied during the registration and authentication processes of a WebAuthn authenticator.

You can select your preferred option from the available choices in the dropdown menu.

If left unselected, it behaves the same as selecting the preferred option.

Timeout

This value determines the timeout duration for registering a WebAuthn authenticator and authenticating the user with it.

If set to 0, no timeout option is applied, and the behavior depends on the implementation of the WebAuthn authenticator.

Avoid Same Authenticator Registration

This is a toggle button. When activated (toggled ON), ZTrust prevents the re-registration of an already registered WebAuthn authenticator.

If deactivated (toggled OFF), an already registered WebAuthn authenticator can be registered again.

Acceptable AAGUIDs

This is the whitelist of AAGUIDs (Authenticator Attestation Globally Unique Identifiers) of the authenticators that can be registered.

A WebAuthn authenticator must match an AAGUID on this whitelist in order to register.
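The following added example (not ZTrust's own code) shows how the settings on this page map onto the WebAuthn `PublicKeyCredentialCreationOptions` sent to the browser, and how a server can read the AAGUID from the returned authenticator data to enforce the whitelist. The policy field names and the sample policy are hypothetical; it assumes the timeout is configured in seconds and that an empty whitelist accepts any authenticator.

```javascript
// Added example: policy field names are hypothetical, not ZTrust's API.
// COSE algorithm identifiers (IANA COSE registry) for the signature algorithms.
const COSE_ALG = { ES256: -7, ES384: -35, ES512: -36, RS256: -257, RS384: -258, RS512: -259 };

// Constructed sample policy: only the mandatory name plus two optional items set.
const SAMPLE_POLICY = { rpEntityName: "Keycloak", timeoutSeconds: 0, avoidSameAuthenticator: true,
  acceptableAaguids: ["00010203-0405-0607-0809-0A0B0C0D0E0F"] };

// Translate the policy into WebAuthn PublicKeyCredentialCreationOptions.
function buildCreationOptions(policy, user, challenge, registeredIds) {
  const algs = policy.signatureAlgorithms?.length ? policy.signatureAlgorithms : ["ES256"];
  const options = {
    rp: { name: policy.rpEntityName }, // mandatory
    user,
    challenge,
    pubKeyCredParams: algs.map((a) => {
      if (!Object.hasOwn(COSE_ALG, a)) throw new Error(`unsupported algorithm: ${a}`);
      return { type: "public-key", alg: COSE_ALG[a] };
    }),
    authenticatorSelection: {
      requireResidentKey: policy.requireResidentKey === true,
      userVerification: policy.userVerification || "preferred",
    },
  };
  if (policy.rpId) options.rp.id = policy.rpId; // omitted: browser uses the origin's effective domain
  if (policy.attestation) options.attestation = policy.attestation;
  if (policy.authenticatorAttachment)
    options.authenticatorSelection.authenticatorAttachment = policy.authenticatorAttachment;
  // Assumption: policy timeout is in seconds; WebAuthn expects milliseconds. 0 omits it.
  if (policy.timeoutSeconds > 0) options.timeout = policy.timeoutSeconds * 1000;
  if (policy.avoidSameAuthenticator)
    options.excludeCredentials = registeredIds.map((id) => ({ type: "public-key", id }));
  return options;
}

// Authenticator data layout: rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | ...
function aaguidFromAuthData(authData) {
  const AT_FLAG = 0x40; // attested credential data present
  if (authData.length < 53 || !(authData[32] & AT_FLAG)) return null;
  const hex = Array.from(authData.slice(37, 53), (b) => b.toString(16).padStart(2, "0")).join("");
  return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
}

// Assumption: an empty whitelist accepts any authenticator.
function isAaguidAcceptable(policy, aaguid) {
  const list = (policy.acceptableAaguids || []).map((g) => g.toLowerCase());
  return list.length === 0 || (aaguid !== null && list.includes(aaguid));
}
```

The AAGUID is only meaningful as an access control when the attestation statement is also verified, so the whitelist check belongs after attestation validation on the server.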