From 50ec2c21add652f23524a76b2bc7b404c2f3794f Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Tue, 16 Apr 2024 09:31:49 +0200
Subject: [PATCH] Change WebAuthn config

1. The attestation conveyance is reset to NONE, it was previously
   enabled to allow for vendor certificate based attestation.
---
 config/packages/webauthn.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/packages/webauthn.yaml b/config/packages/webauthn.yaml
index 4bfc38d3..efdbd957 100755
--- a/config/packages/webauthn.yaml
+++ b/config/packages/webauthn.yaml
@@ -16,14 +16,14 @@ webauthn:
             authenticator_selection_criteria:
                 authenticator_attachment: !php/const Webauthn\AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE
                 require_resident_key: false
-                user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED
+                user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
             #  this is needed for SURFsecureID as we want to whitelist authenticators by vendor/certification (default is none)
             attestation_conveyance: !php/const Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT
     request_profiles:
         default:
             challenge_length: 64
             timeout: 30000
-            user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED
+            user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
 
     metadata:
         enabled: true