WebAuthn support

[hex-m]

Is it possible to support WebAuthn via RADIUS?

From my understanding this may be hard - similar to push tokens where @cornelinux mentioned:

The problem is that the out of band auth with push can not work well with a protocol like RADIUS.

[EchedelleLR]

If that is the thing, how is that YubiKey is supported in FreeRADIUS using PAM as backend?

https://developers.yubico.com/yubico-pam/YubiKey_and_FreeRADIUS_via_PAM.html

Would not be possible to use FreeRADIUS PAM authentication and implementing privacyIDEA support through its PAM plugin to bring FreeRAIUS with WebAuthn support?

[hex-m]

From your link:

Two-factor legacy Username + password + YubiKey OTP authentication for RADIUS server

YubiKey-Devices support other protocols than FIDO2/WebAuthn.

[EchedelleLR]

In my case, I am only interested in WebAuthn since I use SoloKeys.

Edit: okay now I see what you say.

But if PI already supports PAM with FIDO and FreeRADIUS supports using PAM module, would not be possible?

[nilsbehlen]

hi, our pam does currently not support fido2. however, it can easily be implemented, it is just a matter of having the time.
if freeradius could use the pam module, that would be great and maybe a reason to implement fido2 sooner.
Do you know of any pam module or combination that makes fido2 work with freeradius?