Hardware MFA on self-hosted instance

[Quinten0508]

Can't get MFA to work on a self-hosted instance. I templated your "basic" docker-compose file and put it behind my own reverse proxy. However, upon trying to set up a "hardware key" MFA method, I'm met with the following generic error message: Failed to add authenticator. This multi factor authentication type is not supported by this server! Browser console doesn't output any details either.

Do you not support hardware MFA on self-hosted instances, or are there some environment variables I have to set, like a Yubico client ID and secret for YubiKeys? Couldn't find anything about this in your documentation or in other issues here. Is there some place where I can find all the environment variables that I missed?

[nmk-freelance]

Maybe, you can try setting PL_AUTH_TYPES on your server.

# =============================================================================
# AUTHENTICATION
#
# Supported types: email, webauthn_platform, webauthn_portable, totp, public_key, openid
# =============================================================================

# PL_AUTH_TYPES=email,totp

padloc/docs/examples/config/example.env

Line 218 in 30ebb78

# Supported types: email, webauthn_platform, webauthn_portable, totp, public_key, openid

[MaKleSoft]

@nmk-freelance Is on the right track. You'll need to set the following env variables:

PL_AUTH_TYPES=email,totp,webauthn_platform,webauthn_portable
PL_AUTH_WEBAUTHN_RP_NAME=your.domain.com
PL_AUTH_WEBAUTHN_RP_ID=your.domain.com
PL_AUTH_WEBAUTHN_ORIGIN=https://your.domain.com

More details about the "Relying Party" info here: https://simplewebauthn.dev/docs/packages/server#identifying-your-rp