@johannesconsulting
Contributor

Description

By adding support for FIDO2 during authentication, we should be able to add support for FIDO2 registration too later.
I have only tested this using a physical YubiKey; I have not tested Windows Hello! WHfB was added with 14.6.

This pull request adds support for FIDO2/WebAuthn hardware security key authentication to the New-PASSession command and adds a utility for decoding Base64Url strings.

  • Added support for FIDO2 authentication to New-PASSession, including a new UserName parameter and validation to ensure it is required when using -type FIDO2. The authentication workflow calls Invoke-FIDO2Authentication when type is set to FIDO2.
  • Introduced ConvertFrom-Base64UrlString for converting Base64Url-encoded strings to byte arrays, supporting FIDO2/WebAuthn workflows.
  • Added DSInternals.Win32.WebAuthn.dll and its license.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that makes existing functionality work differently)
  • Documentation update (psPAS website or command help content)
  • Other (see description)

How Has This Been Tested?

  • Pester test(s) update required
  • Pester test(s) updated
  • Pester test(s) passing

Test Configuration:

  • PowerShell version: 7
  • CyberArk PAS version: 14.6
  • OS Version: Windows 11

Checklist:

  • My code follows the style guidelines of this project
  • I have followed the contributing guidelines.
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new test failures or errors
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have opened & linked a related issue
  • I have linked a related issue

- Implemented Invoke-FIDO2Authentication function for FIDO2 authentication flow.
- Added ConvertFrom-Base64UrlString function for Base64Url decoding.
- Created tests for New-PASSession and ConvertFrom-Base64UrlString.
- Updated documentation for New-PASSession to include new parameters.
- Added DSInternals.Win32.WebAuthn.dll and its license.
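
The description above mentions a Base64Url decoder for FIDO2/WebAuthn workflows. The following is an added example, not code from this pull request or from psPAS, of a strict Base64Url-to-bytes decoder. The function name `ConvertFrom-Base64UrlExample` and the sample strings are assumptions made for illustration.

```powershell
# Added example: NOT the ConvertFrom-Base64UrlString from this pull request.
# ConvertFrom-Base64UrlExample is a hypothetical name used for illustration.
function ConvertFrom-Base64UrlExample {
    [CmdletBinding()]
    [OutputType([byte[]])]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$InputString
    )
    process {
        # Accept only the Base64Url alphabet (RFC 4648 section 5),
        # with optional trailing '=' padding.
        if ($InputString -notmatch '^[A-Za-z0-9_-]*={0,2}$') {
            throw [System.FormatException]::new(
                'Input contains characters outside the Base64Url alphabet.')
        }
        $core = $InputString.TrimEnd('=')
        # A length remainder of 1 cannot come from a valid encoder.
        if (($core.Length % 4) -eq 1) {
            throw [System.FormatException]::new('Invalid Base64Url length.')
        }
        # Map to the standard Base64 alphabet and restore the padding
        # that Base64Url encoders normally strip.
        $b64 = $core.Replace('-', '+').Replace('_', '/')
        $b64 = $b64.PadRight($b64.Length + ((4 - $b64.Length % 4) % 4), '=')
        # Unary comma keeps PowerShell from unrolling the byte array.
        , [System.Convert]::FromBase64String($b64)
    }
}

# Constructed sample values (not real WebAuthn challenges or credential IDs).
$bytes = ConvertFrom-Base64UrlExample 'SGVsbG8tV2ViQXV0aG4_'
[System.Text.Encoding]::ASCII.GetString($bytes)

# Unpadded input whose length is not a multiple of 4 still decodes.
(ConvertFrom-Base64UrlExample 'AQ').Length

# Standard Base64 characters ('+', '/') are rejected rather than guessed at.
try {
    ConvertFrom-Base64UrlExample 'aG4/' | Out-Null
}
catch [System.FormatException] {
    Write-Warning "Rejected: $($_.Exception.Message)"
}
```
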
@pspete
Owner

pspete commented Oct 7, 2025

This is great @johannesconsulting - will be checking it out & how to include it 👍
