AM 7.3.1

WebAuthn Device Storage node

Writes information about FIDO2 devices to a user’s profile. The user can subsequently authenticate using the device.

Use this node to store the device data that the WebAuthn Registration node places into the transient node state when its Store device data in transient state property is enabled.

Outcomes

  • Success

  • Failure

  • Exceed Device Limit

If AM encounters an issue when attempting to save the device data to the user’s profile, for example, because the user was not identified earlier, evaluation continues along the Failure outcome path.

If the Maximum Saved Devices property is set to an integer greater than zero, and registering a new device would take the number of devices above the specified threshold, then evaluation continues down the Exceed Device Limit outcome path. In this case, you may need to instruct your users to log in with an existing device in order to remove one or more of their registered devices.

If the node successfully stores the device data to the user’s profile, evaluation continues along the Success outcome path.

Properties

Property Usage

Generate recovery codes

Specify whether WebAuthn device recovery codes should be generated.

If enabled, recovery codes are generated, placed in the transient node state, and stored alongside the device profile.

Use the Recovery Code Display node to display the codes to the user for safekeeping.

Generating recovery codes overwrites all existing WebAuthn device recovery codes for the device.

Only the most recent set of recovery codes can be used for authentication if a device has been lost or stolen.

Maximum Saved Devices

Specify the maximum number of WebAuthn devices to save in a user’s profile.

Set this property to 0 if you do not want to limit the number of devices.

When this property is greater than zero, the Exceed Device Limit outcome path becomes available.

Copyright © 2010-2024 ForgeRock, all rights reserved.