CAS 6.3.3 Problem with FIDO2 WebAuthN with Safari as the FIDO2 client

[George Papakyriakopoulos]

Hello there,

We are trying to enable FIDO2 WebAuthN support in CAS with both Yubikeys and using the built-in browser support for FIDO2, namely for Safari on Mac OS.

While Yubikey registration and authentication works fine out of the box, when trying to register a FIDO2 device using the native Safari support for FIDO2 (without a Yubikey), we are presented with the following error on the registration step :

"java.lang.IllegalArgumentException: Failed to obtain attestation trust anchors."

Any ideas why this is happening and maybe how we can configure our own attestation trust anchors to include other sources than Yubikeys ?

Thanks,

George