WebAuthn Token settings

The WebAuthn token is a hardware token that communicates with the browser. You may set a trust anchor directory, which is a path to a directory containing the certificates to trust for WebAuthn authenticator attestation.

The path to the directory containing the trust anchors.

This should be a path to a local directory on the server that eduMFA has read access to. It should contain certificate files. Any certificates in this directory will be trusted to correctly attest authenticators during enrollment.

This does not need to be set for WebAuthn to work. However, without it eduMFA cannot check whether an attestation certificate is actually trusted (it will still be checked for validity). It is therefore mandatory to set this if webauthn_authenticator_attestation_level is set to "trusted" by a policy for any user.

The trust_anchor_dir must be an absolute path.
The trust_anchor_dir must not end with a "/".
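
A pre-flight check for a trust_anchor_dir value against the constraints above, as an added example that is not part of eduMFA. It assumes the certificate files are PEM-encoded and only checks their structure; the function names are hypothetical, and the write-permission check is an addition that follows from every certificate in the directory being trusted.

```python
import base64
import os
import re
import sys

# Assumption: anchors are PEM files; the page only says "certificate files".
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def is_pem_cert(path):
    """Structural check only: a PEM block whose body decodes to a DER SEQUENCE."""
    try:
        with open(path, "rb") as handle:
            match = PEM_BLOCK.search(handle.read())
        body = b"".join(match.group(1).split()) if match else b""
        return base64.b64decode(body, validate=True)[:1] == b"\x30"
    except (OSError, ValueError):  # unreadable file or invalid base64
        return False


def check_trust_anchor_dir(path):
    """Return a list of problems with a trust_anchor_dir value (empty = OK)."""
    problems = []
    if not os.path.isabs(path):
        problems.append("not an absolute path")
    if path.endswith("/"):
        problems.append('ends with "/"')
    if not os.path.isdir(path):
        return problems + ["not a directory"]
    if not os.access(path, os.R_OK | os.X_OK):
        return problems + ["not readable by the current user"]
    # Every certificate here is trusted, so write access is security-relevant.
    if os.stat(path).st_mode & 0o022:
        problems.append("writable by group or others")
    files = [n for n in sorted(os.listdir(path))
             if os.path.isfile(os.path.join(path, n))]
    bad = [n for n in files if not is_pem_cert(os.path.join(path, n))]
    problems += [f"{n}: not a readable PEM certificate" for n in bad]
    if len(bad) == len(files):
        problems.append("no usable certificate files")
    return problems


if __name__ == "__main__":
    for arg in sys.argv[1:]:
        print(arg, check_trust_anchor_dir(arg) or "OK")
```

Run it as the account the eduMFA service runs under, so the read-access result reflects what the server will actually see.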