Add FIDO2 authentication using P/Invoke #606

Open
johannesconsulting wants to merge 3 commits into pspete:dev from johannesconsulting:fido2-pinvoke

@johannesconsulting johannesconsulting commented Apr 19, 2026

Description

This was created with the help of AI
This is the same type of change as #596, but instead of using a DLL file from DSInternals, we do it ourselves.
I will keep both PRs up and you can decide if you want any of them or none :)

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that makes existing functionality work differently)
  • Documentation update (psPAS website or command help content)
  • Other (see description)

How Has This Been Tested?

  • Pester test(s) update required
  • Pester test(s) updated
  • Pester test(s) passing

Test Configuration:

  • PowerShell version: 7
  • CyberArk PAS version: 14.6
  • OS Version: Windows 11

Checklist:

  • My code follows the style guidelines of this project
  • I have followed the contributing guidelines.
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new test failures or errors
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have opened & linked a related issue
  • I have linked a related issue

- Implemented Invoke-FIDO2Authentication function for FIDO2 authentication flow.
- Added ConvertFrom-Base64UrlString function for Base64Url decoding.
- Created tests for New-PASSession and ConvertFrom-Base64UrlString.
- Updated documentation for New-PASSession to include new parameters.
- Added DSInternals.Win32.WebAuthn.dll and its license.
- Remove duplicated Base64Url encoding via a small helper scriptblock
- Consolidate LogonRequest passthrough params into a single hashtable
- Drop redundant try/catch wrappers that only re-prefix error messages
- Remove unused SuppressMessage attribute and obvious step-by-step comments
- Use ContainsKey() and tidy whitespace
@johannesconsulting johannesconsulting changed the base branch from master to dev April 19, 2026 20:39
…hn.dll

- Drop third-party DLL (and its license file); use the Windows built-in webauthn.dll via P/Invoke through Add-Type inline C#.
- Remove unused $Script:ModuleRoot from psPAS.psm1 (only needed for the DLL path lookup).
- Manually marshal client data / credential list / assertion structs, and free all allocations + WebAuthNFreeAssertion in a finally block.
- Use the credential ID actually returned by the authenticator (assertion.Credential.pbId) rather than allowCredentials[0].Id.
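
The last commit's point about sending back the credential ID the authenticator actually returned, together with the Base64Url decoding mentioned in the first commit, as an added PowerShell example. This is not code from the PR; the function names and the sample IDs are hypothetical and constructed for illustration, and the authenticator's answer is simulated with a byte array instead of a call into webauthn.dll.

```powershell
# Added example: function names are hypothetical, not taken from the PR.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # Base64url (RFC 4648 section 5) uses '-' and '_' and usually omits padding.
    $b64 = $Value.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw "Invalid Base64Url length: $($Value.Length)" }
    }
    $bytes = [Convert]::FromBase64String($b64)
    , $bytes   # unary comma keeps the byte[] from being unrolled on output
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Select-AssertionCredentialId {
    param(
        [Parameter(Mandatory)][string[]]$AllowedIds,  # base64url IDs from allowCredentials
        [Parameter(Mandatory)][byte[]]$ReturnedId     # raw ID bytes reported by the authenticator
    )
    $returned = ConvertTo-Base64Url -Bytes $ReturnedId
    # Decode and re-encode each allowed ID so optional padding does not affect the comparison.
    $normalised = $AllowedIds | ForEach-Object {
        ConvertTo-Base64Url -Bytes (ConvertFrom-Base64Url -Value $_)
    }
    # Base64 is case-sensitive, so use the case-sensitive operator.
    if ($normalised -cnotcontains $returned) {
        throw 'Authenticator returned a credential ID that is not in allowCredentials.'
    }
    $returned
}

# Constructed sample: two registered credentials, and the second one answered.
$allowed = @('AQID-_8', 'qrvM3e7_')
$fromAuthenticator = [byte[]](0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF)

# Sending $allowed[0] would name a credential that did not sign the assertion.
Select-AssertionCredentialId -AllowedIds $allowed -ReturnedId $fromAuthenticator
```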