FIDO2 redirection in Chrome and Edge doesn't work

Article ID: CTX691776

Description

The documentation at https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/fido2.html#local-authorization-and-virtual-authentication-using-fido2-and-webauthn was followed.

However, devices that use FIDO2, such as fingerprint readers and YubiKey devices, are not detected in the browser.

Resolution

FSLogix rules are blocking access to the Chrome.exe file. FSLogix rules are used to hide applications from users.

However, these were inadvertently applied to the System account and the Administrators group, which prevented FIDO2 redirection. After removing the rules, redirection started working.

Problem Cause

A CDF trace shows this error.

165837    7    2024/09/04 21:29:47:15139    29492    12616    CtxSvcHost.exe(FidoSvc)    0    Error    FidoNpServerConn::ParseAndValidateAllowedProcesses the process path is not valid or does not exist, skipping this    

 

This is what should be seen in a working scenario.

1150436    7    2024/08/02 18:28:00:13629    7192    6536    CtxSvcHost.exe(FidoSvc)    0    FidoNpServerConn::ParseAndValidateAllowedProcesses Process Allowed C:\Program Files\Google\Chrome\Application\chrome.exe    

A ProcMon log shows that the "Citrix WebAuthn Redirection Service" used by Citrix is unable to access Chrome.exe through the Microsoft CreateFile() API around that time.
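The check described by the two CDF trace lines above can be scripted over an exported trace. This is an added example, not Citrix code: the column layout is inferred from the two lines quoted in this article, and the function names and the expected-browser list are assumptions. Because the error line does not name the path it skipped, the script reports a browser as affected when it never appears in a "Process Allowed" entry.

```python
import ntpath
import re

# The two trace lines quoted in this article, used as sample input.
BROKEN_TRACE = r"""
165837    7    2024/09/04 21:29:47:15139    29492    12616    CtxSvcHost.exe(FidoSvc)    0    Error    FidoNpServerConn::ParseAndValidateAllowedProcesses the process path is not valid or does not exist, skipping this
"""
WORKING_TRACE = r"""
1150436    7    2024/08/02 18:28:00:13629    7192    6536    CtxSvcHost.exe(FidoSvc)    0    FidoNpServerConn::ParseAndValidateAllowedProcesses Process Allowed C:\Program Files\Google\Chrome\Application\chrome.exe
"""

# Layout assumed from the samples: two numeric columns, timestamp, two numeric
# columns, module, one numeric column, optional level word, function, message.
LINE_RE = re.compile(
    r"^\s*\d+\s+\d+\s+(?P<ts>\d{4}/\d{2}/\d{2} [\d:]+)\s+\d+\s+\d+\s+"
    r"CtxSvcHost\.exe\(FidoSvc\)\s+\d+\s+(?:(?P<level>\w+)\s+)?"
    r"FidoNpServerConn::ParseAndValidateAllowedProcesses\s+(?P<msg>.*?)\s*$"
)
ALLOWED_PREFIX = "Process Allowed "


def parse_fido_allowlist_events(trace_text):
    """Return one dict per FidoSvc allow-list validation line in the trace."""
    events = []
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated trace line
        msg = m["msg"]
        if msg.startswith(ALLOWED_PREFIX):
            path = msg[len(ALLOWED_PREFIX):].strip()
            events.append({"ts": m["ts"], "status": "allowed", "path": path})
        elif "not valid or does not exist" in msg:
            # The service could not open the executable; the path is not logged.
            events.append({"ts": m["ts"], "status": "skipped", "path": None})
    return events


def browsers_missing_from_allowlist(events, expected=("chrome.exe",)):
    """Expected browser executables that never appear as 'Process Allowed'."""
    allowed = {ntpath.basename(e["path"]).lower()
               for e in events if e["status"] == "allowed"}
    return sorted(name for name in expected if name.lower() not in allowed)


if __name__ == "__main__":
    for label, trace in (("broken", BROKEN_TRACE), ("working", WORKING_TRACE)):
        ev = parse_fido_allowlist_events(trace)
        print(label, ev, "missing:", browsers_missing_from_allowlist(ev))
```

A non-empty result together with a "skipped" event is the cue to check what is preventing the service account from opening the browser executable, such as the FSLogix rules described in the Resolution.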

 
