Hello,

I am interested in implementing passkey support on our reverse proxies, aiming for a user experience similar to https://www.passkeys.io. I'm specifically looking for a solution that leverages browser inbuilt user experiences without the need for custom designs.

Could anyone provide information on the latest cookbook available, specifically focusing on version 10.0.6?

Your assistance is greatly appreciated.

Hi Piyush, 

The easiest way to get started with Passkeys is just use our Identifier First Scenario wizard. 

This will create an authsvc policy that you can use with Passkeys. 

There are 2 additional steps outside of this wizard, 
Pre-req step:
You have defined a FIDO2 Relying Party:

This is essentially where you define the URLs that the Passkeys will come from. 

(Once saved you can add origins:)

And then the post-scenario step:

And then you just need to configure the RP to accept the authsvc login. (Which may already be done in your environment) 

Then you can just go to this AAC policy:
https://example.com/mga/sps/authsvc/policy/ifa
or (if you're not using Path pased Authsvc URLs)
https://example.com/mga/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:ifa


I also like to configure ISVA to redirect to that policy for the login flow, 
Use Local response redirect to do this:

Of course, once you've got this working, you can then tweak/modify and optimize the Passkey experience. And happy to guide you further in this space. 

I also wrote a 4-part blog series on using FIDO in ISVA, which is still relevant:

• FIDO2 in less than 15 minutes with ISAM 9.0.7 (Part 1 of 4)
• ISAM FIDO2 – Usernameless login and Mediators (Part 2 of 4)
• ISAM FIDO2 – Metadata and registration policy enforcement (Part 3 of 4)
• ISAM FIDO2 – Using the FIDO2 server endpoints (Part 4 of 4)

More recently I've added to this story with another article on Using FIDO Java APIs from Infomap on ISVA to achieve a similar use case with code in an Infomap and your own page templates.