I have configured passkey flow in keycloak 26.4.1.
User may configure passkey via required action or during registration.
However, Chrome doesn’t prompt me to create a passkey after login. Is there a way to configure this in Keycloak?
Just to clarify, the feature “Automatically create a passkey to sign in faster” (to help others with the same question) attempts to automatically create a passkey without user intervention when the IdP requests the user’s password manager (GPM) to do so. This works as long as a password is saved for your site and was recently used to sign in.
Nevertheless, for this to work, the IdP must use the mediation mode conditional during passkeys registration. So far, that feature has not been adopted. You can verify this in the webauthnRegister.js → doRegister function (version 26.4.2), as it only sends the publicKey parameter to navigator.credentials.create() [1].
Therefore, you’re missing some configuration to enable passkey registration.
2 Likes