Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passkey Support #921

Open
wermuthy opened this issue Jun 18, 2024 · 8 comments
Open

Passkey Support #921

wermuthy opened this issue Jun 18, 2024 · 8 comments
Assignees
@dbuechel
Labels
being investigated This issue is being investigated.

Comments

@wermuthy
Copy link

Describe the Bug
We are in the process of deploying a 2FA Solution with Passkeys. This is important to ensure account security. When we try to authenticate the user in SafeExamBrowser the authentification is not possible. Normally the browser should call Windows Hello to authenticate the user.

Sometimes, but not always the Windows Hello Prompt opens in the background and is visible when closing SafeExamBrowser.

Is there a way to enable Passkeys in SafeExamBrowser?

Steps to Reproduce
Steps to reproduce the behavior:

  1. Configure SafeExamBrowser to open https://webauthn.io/
  2. Try registering or login
  3. No Windows Hello Popup

Expected Behavior
The user should be able to authenticate themselves with Windows Hello.

Version Information

  • OS: Windows 10 Enterprise (Version 21H2)
  • SEB-Version 3.5.0
    and
  • OS: Windows 11 Pro (Version 22H2)
  • SEB-Version 3.7.0

Logs:
2024-06-18_11h25m52s_Browser.log
2024-06-18_11h25m52s_Client.log
2024-06-18_11h25m52s_Runtime.log
2024-06-18_11h25m52s_Service.log
@dbuechel
Copy link
Member

You should be able to do so by allowing the required application as permitted third-party application in the SEB configuration (see https://safeexambrowser.org/windows/win_usermanual_en.html#ApplicationsPane). According to the log, you might simply need to allow the following application:

2024-06-18 11:26:06.408 [24] - DEBUG: [ApplicationMonitor] Process 'CredentialUIBroker.exe' (9632) has been started [Original Name: 'CredentialUIBroker.exe', Path: 'C:\Windows\System32\CredentialUIBroker.exe', Signature: bbd2c438000344f439bfdfe5abac3223357cd67f].

@wermuthy
Copy link
Author

I tried adding 'CredentialUIBroker.exe' to the permitted applications. I saw that the camera got activated like before but there still is no Windows Hello Popup.

New Logs:
2024-06-19_11h15m45s_Service.log
2024-06-19_11h15m45s_Browser.log
2024-06-19_11h15m45s_Client.log
2024-06-19_11h15m45s_Runtime.log

@dbuechel
Copy link
Member

The application seems to be configured and started correctly:

2024-06-19 11:16:00.952 [39] - DEBUG: [ApplicationMonitor] Process 'CredentialUIBroker.exe' (13104) has been started [Original Name: 'CredentialUIBroker.exe', Path: 'C:\Windows\System32\CredentialUIBroker.exe', Signature: bbd2c438000344f439bfdfe5abac3223357cd67f].
2024-06-19 11:16:00.952 [39] - DEBUG: [ApplicationMonitor] Detected start of whitelisted application instance 'CredentialUIBroker.exe' (13104).
2024-06-19 11:16:00.952 [34] - INFO: [CredentialUIBroker] New application instance was started.
2024-06-19 11:16:00.952 [34] - DEBUG: [Process 'CredentialUIBroker.exe' (13104)] Initialized termination event.
2024-06-19 11:16:00.952 [34] - INFO: [CredentialUIBroker (13104)] Initialized application instance.

Is that an UWP application? If yes, then it unfortunately won't work with SEB, as UWP applications are incompatible with the kiosk modes of SEB.

@dbuechel dbuechel added the being investigated This issue is being investigated. label Jun 20, 2024
@wermuthy
Copy link
Author

Windows Hello is a system component so therefore i believe it isn't an UWP application. It's probably part of the Windows Security Center, but there is no information online.

@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 28 days with no activity. It will soon be closed automatically if there are no updates.

@github-actions github-actions bot added the stale This issue had no recent activity and will thus soon be closed. label Jul 25, 2024
@strau0106
Copy link

This has been discussed in a few issues before, quite annoying.

I'd recommend to try and move the MS authentication out of seb. What LMS are you using? It would make it easier for the students as well as they wouldn't need to login as often.

@github-actions github-actions bot removed the stale This issue had no recent activity and will thus soon be closed. label Aug 3, 2024
@wermuthy
Copy link
Author

We are using Moodle.
The Problem is, that the authentication window appears as soon as the user tries to login to Moodle. I wouldn't have a idea how i could move the authentication out of seb.

@strau0106
Copy link

currently being tracked under #703 if i am not mistaken

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dbuechel dbuechel

Labels
being investigated This issue is being investigated.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dbuechel @strau0106 @wermuthy