WebAuthn Redirection Added to Browser RDP Clients
🔒 Prisma Browser added WebAuthn redirection to its in-browser RDP client, becoming the first non-Windows client to support Microsoft’s MS-RDPEWA protocol. The team found gaps in the spec, reverse-engineered undocumented Windows server behavior, and created a custom Chromium extension API to accept precomputed clientDataHash values. This approach reuses Chromium’s FIDO2 stack to support USB keys, Touch ID, Windows Hello and phone-as-authenticator transports.
