CIS2 Flow with Security key fails

We had set up the authentication flow with Security Key after discussions on this topic. We contacted itoc.supportdesk@nhs.net who helped us set up passkeys via this guide.

However, attempting to use the passkey produces an error. Please let me know if this is something you can investigate, especially given the error response ID in the screenshot below.

Unfortunately the logs don’t give any additional information other than there was an error.
What did you use for the passkey? It looks like you are using a Mac? Which option are you choosing when you try to authenticate in the dialog shown above?
Looking at your profile, you only have a passkey set up and not a security key. Please choose Passkey when authenticating. Digging more into the logs, you selected security key.

Yep I mixed them up. There is no passkey option on the CIS2 page - how can I enable this?
@john.lister3

A passkey is treated as a “level 2” authenticator. Depending on the app you are trying to log in to, it may not support those. The default is “level 3” authenticators as shown on the screenshot. If this is your app, ensure you send acr_values=AAL2_OR_AAL3_ANY.
Note the MFA option is also level 2.

Is this sent as a request parameter?
@john.lister3

Yes, see 5. ACR and AMR values - NHS England Digital


Do you happen to know if the associatedorgs scope requires a level 3 Authenticator? Or will it work with level 2? We don’t need it - it would just be helpful.

Thanks for the help btw

@john.lister3

No worries, none of the scopes or parameters have a dependency on the authenticator used from a CIS2 Auth point of view. However, relying parties (applications) may require specific authenticators, etc., but again the scopes will behave the same regardless of the authenticator.
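
An added illustration of the answers above, not code from NHS England or from any poster: the relying party sends acr_values as a query parameter of the OpenID Connect authorization request, then checks the acr claim of the ID token it gets back instead of assuming the request was honoured. The endpoint, client ID, redirect URI and the accepted acr strings are placeholder assumptions; only AAL2_OR_AAL3_ANY comes from the thread.

```python
import secrets
from urllib.parse import urlencode

# Placeholders (assumptions): use the values from your own client registration.
AUTHORIZE_ENDPOINT = "https://cis2.example.invalid/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.invalid/callback"

REQUESTED_ACR = "AAL2_OR_AAL3_ANY"  # value quoted in the thread

# Assumption: the acr claim strings this application accepts. Confirm the exact
# strings against the "ACR and AMR values" guidance linked in the thread.
ACCEPTED_ACR = frozenset({"AAL2_OR_AAL3_ANY", "AAL3_ANY"})


def build_authorize_url(scope="openid profile"):
    """Return (url, state, nonce) for an authorization-code request."""
    state = secrets.token_urlsafe(16)
    nonce = secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "nonce": nonce,
        "acr_values": REQUESTED_ACR,  # sent as an ordinary request parameter
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state, nonce


def claims_meet_policy(claims, expected_nonce, accepted=ACCEPTED_ACR):
    """Check claims from an ID token whose signature was already verified.

    OpenID Connect treats acr_values as a request, so the relying party
    enforces its own policy on the acr claim that actually comes back.
    """
    if claims.get("nonce") != expected_nonce:
        return False  # token does not belong to this login attempt
    return claims.get("acr") in accepted


if __name__ == "__main__":
    url, state, nonce = build_authorize_url()
    print(url)
    # Constructed sample claims, not real CIS2 output.
    print(claims_meet_policy({"acr": "AAL2_OR_AAL3_ANY", "nonce": nonce}, nonce))
```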