Add FIDO2 Registration using P/Invoke#607
Open
johannesconsulting wants to merge 4 commits intopspete:devfrom
Open
Add FIDO2 Registration using P/Invoke#607johannesconsulting wants to merge 4 commits intopspete:devfrom
johannesconsulting wants to merge 4 commits intopspete:devfrom
Conversation
- Implemented Invoke-FIDO2Authentication function for FIDO2 authentication flow. - Added ConvertFrom-Base64UrlString function for Base64Url decoding. - Created tests for New-PASSession and ConvertFrom-Base64UrlString. - Updated documentation for New-PASSession to include new parameters. - Added DSInternals.Win32.WebAuthn.dll and its license.
- Remove duplicated Base64Url encoding via a small helper scriptblock - Consolidate LogonRequest passthrough params into a single hashtable - Drop redundant try/catch wrappers that only re-prefix error messages - Remove unused SuppressMessage attribute and obvious step-by-step comments - Use ContainsKey() and tidy whitespace
…hn.dll - Drop third-party DLL (and its license file); use the Windows built-in webauthn.dll via P/Invoke through Add-Type inline C#. - Remove unused $Script:ModuleRoot from psPAS.psm1 (only needed for the DLL path lookup). - Manually marshal client data / credential list / assertion structs, and free all allocations + WebAuthNFreeAssertion in a finally block. - Use the credential ID actually returned by the authenticator (assertion.Credential.pbId) rather than �llowCredentials[0].Id.
Adds support for registering new FIDO2 devices via the CyberArk PAM-SH FIDO2 device management API. Two parameter sets: Default - Admin flow against /api/fido2/registrationOptions + /api/fido2/registration (optional -UserId) OwnDevice - Self-service flow against /api/fido2/selfRegistrationOptions + /api/fido2/selfRegistration Performs the WebAuthn MakeCredential ceremony locally via webauthn.dll using a self-contained P/Invoke wrapper (Invoke-FIDO2MakeCredential), mirroring the existing Invoke-FIDO2Authentication helper. Requires Windows 10 1903+ for the WebAuthn ceremony and CyberArk 14.6+.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This was created with the help of AI
Added support for FIDO Registration. This would allow admins to automate the FIDO registration for users.
This is built on top of #606, so we are not using any third party DLL files.
Type of change
How Has This Been Tested?
Test Configuration:
Checklist: