nextcloud
WebAuthn not working when authenticating via SAML
I have a NextCloud instance with authentication configured via SAML. Our IDP (Keycloak) requires that users present their security device via WebAuthn during login. Opening the NextCloud web interface using the Safari browser on an iPhone 11, one is correctly redirected to the IDP and asked to present their security device (and if done so, is logged in correctly). If the user is using the app, the web-view fails to present the user with the dialog to present their device and login is impossible.
N.B.: iOS requires the WebAuthn interaction to be initiated by a "user gesture". To facilitate that requirement, we've deployed a custom login theme, that presents a button that initiates the WebAuthn request when pressed. As stated above this works, when using Safari, but not in the web-view opened by the app.
iOS version: iOS 14.6 Nextcloud iOS app version: 4.0.4.0 Server operating system: Docker (tag stable-fpm) Web server: nginx Database: PostgreSQL PHP version: 7.4 Nextcloud version: 20.0.11
users report that the nextcloud app on android is working fine and using the system web browser, no an emedded component. The app on iOS uses an embedded web component, which successfully shows our IPD login screen but fails to access the passkeys. Using the system browser like android should be the correct solution.
