WebAuthn with multiple Domains

[Michael.Uray]

I noticed that I can setup in Configuration-> Other-> WebAuthn TFA just one domain, but I have multiple domains (separate domains, not sub domains) accessing this server.
How can I setup WebAuthn for multiple domains?

 

[fabian]

that's not possible AFAIK, webauthn binds to one specific domain (with the option of allowing sub-domains, but not completely different domains).

 

[Michael.Uray]

I did setup domain1 in Configuration-> Other-> WebAuthn TFA and added a WebAuthn authentication to the user.
The user was able to login.

Then I changed over to domain2 and logged in with TOTP.
I did change to domain2 in Configuration-> Other-> WebAuthn TFA and added another WebAuthn authentication to the same user.
The user was able to login with domain2, but as expected not with domain1.

Then I changed Configuration-> Other-> WebAuthn TFA back to domain1 and the user was able to login again via domain1.

This means to me, that I can change between domain1 and domain2 in Configuration-> Other-> WebAuthn TFA back an forth and each domain which is currently set in Configuration-> Other-> WebAuthn TFA works with WebAuthn, without re-registering a key after a change.
This also means to me, that it technically should be possible to change that on the fly by Proxmox, depending on that which domain I am using to connect to it.

 

[Michael.Uray]

How can I actually add this as feature request?

 

[Michael.Uray]

Feature request:
https://bugzilla.proxmox.com/show_bug.cgi?id=5099