Brussels / 4 & 5 February 2023


Enabling FIDO2/WebAuthn support for remotely managed users

Passwordless and multi-factor authentication (MFA) are becoming a trend and their usage will increase in the near future. However, most of the solutions target the web/online pattern, or the local users, thus leaving centralized identity management for console and POSIX system applications lacking those capabilities.

For the last year FreeIPA and SSSD have been working on enabling FIDO2/WebAuthn support for remotely managed users. One part of it is enabling a user stored in a LDAP server to locally authenticate in a system using a FIDO2 key. Another part is to use FIDO2 authentication to obtain a Kerberos ticket. This opens a new world to organizations to tighten their security, while maintaining strict control as to who access their systems.

This talk will focus on the progress in FIDO2/WebAuthn authentication in SSSD by providing the implementation state, the solution details and a demo. Additional information on the possible expansion of the solution will also be provided.


Photo of Alexander Bokovoy Alexander Bokovoy
Photo of Iker Pedrosa Iker Pedrosa