Personally, I investigated how to set up Keycloak so that Windows Hello can be used to authenticate with a passkey.
Note that, to simplify things, I just created a realm where only this kind of authentication is supported.
Flows
- Copy the “browser flow”
- Remove the OTP and username/password form steps
- Add the WebAuthn Passwordless authenticator step
- Copy the “registration flow”
- Only “Registration User Profile Creation” is needed; remove the other steps.
Policies
- Configure the WebAuthn Passwordless policy
Error: “Failed to register your Passkey. invalid cert path”
Solution: In my case, it was because I had set Attestation Conveyance Preference to Direct in the WebAuthn Passwordless policy. Leaving it at Not specified made everything work like a charm.
Another suggestion found on the Internet is to try enabling different signature algorithms, such as RS256 for a YubiKey.
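As an added example (not part of the original post), here is a small Python audit of a Keycloak realm export that checks the two things this note fixes: that the passwordless policy's attestation conveyance preference is not Direct, and that the browser flow copy contains the passkey authenticator and no password or OTP step. The sample export, realm name and flow alias are constructed; the field names and authenticator provider ids are the ones Keycloak uses in realm exports as far as I know them, so verify them against your own export.

```python
import json

# Constructed sample: a trimmed Keycloak realm export for a passkey-only realm,
# deliberately carrying the "direct" setting that broke Windows Hello registration.
REALM_EXPORT = json.dumps({
    "realm": "passkey-only",                       # constructed realm name
    "browserFlow": "browser-passkey",              # constructed alias of the copied browser flow
    "webAuthnPolicyPasswordlessAttestationConveyancePreference": "direct",
    "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
    "authenticationFlows": [
        {"alias": "browser-passkey", "authenticationExecutions": [
            {"authenticator": "auth-cookie", "requirement": "ALTERNATIVE"},
            {"authenticator": "webauthn-authenticator-passwordless", "requirement": "REQUIRED"},
        ]},
    ],
})

# Provider ids of the steps the post removes / adds (Keycloak built-in authenticators).
PASSWORD_OR_OTP = {"auth-username-password-form", "auth-otp-form"}
PASSKEY = "webauthn-authenticator-passwordless"
PREF_KEY = "webAuthnPolicyPasswordlessAttestationConveyancePreference"

def executions(realm, alias):
    """Yield authenticator ids of a flow, descending into sub-flows by alias."""
    flows = {f["alias"]: f for f in realm.get("authenticationFlows", [])}
    for ex in flows.get(alias, {}).get("authenticationExecutions", []):
        if ex.get("authenticatorFlow") and ex.get("flowAlias"):
            yield from executions(realm, ex["flowAlias"])
        elif "authenticator" in ex:
            yield ex["authenticator"]

def audit(export_json):
    """Return a list of findings; an empty list means the export matches the post's setup."""
    realm = json.loads(export_json)
    findings = []
    if realm.get(PREF_KEY, "not specified") == "direct":
        findings.append("attestation conveyance preference is 'direct' (Windows Hello fails with 'invalid cert path')")
    auths = set(executions(realm, realm.get("browserFlow", "browser")))
    if PASSKEY not in auths:
        findings.append("browser flow lacks " + PASSKEY)
    for a in sorted(auths & PASSWORD_OR_OTP):
        findings.append("browser flow still contains " + a)
    return findings

def fix_attestation(export_json):
    """Return the export with the preference reset to 'not specified', as the post recommends."""
    realm = json.loads(export_json)
    realm[PREF_KEY] = "not specified"
    return json.dumps(realm)
```

Run audit() over an export taken from the admin console (Realm settings > Action > Partial export) before importing the fixed version back.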
