README.md

MitID as passkey manager tests

PM1: Same device registration and authentication

Test demonstrates the seamless registration and the very few steps needed to perform both FIDO and app-authentication using a combined authenticator frontend.

Test is performed on iOS 18.

Step Result - iOS 18
App: Open app. Notice the warning on top (red frame). Click the frame.
App: Click 'Slå til' to accept enabling test-app as autofill provider (passkey manager).
App: Now select 'Opret test-identitet'. This causes the app to create a test-identity and an internal (MitID) FIDO key. Note the user-id for the created user.
On mobile device with App installed: Open browser, and go to service provider site. Click the 'Log ind i netbanken' link on welcome page. This link instructs the broker to perform authentication with FIDO.
Select 'Godkend på denne låste enhed' to perform same-device FIDO + App authentication.
Select 'Fortsæt' to authenticate with passkey and continue to test-app-approval.
Select 'Godkend' to authenticate with app-authenticator.
You are now logged in.

PM2: Cross device authentication (BLE)

Test demonstrates combined FIDO + app cross-device authentication using the new passkey manager approach.

Screenshots are from Edge, Windows 11 and iOS 18.

Step Result - pc/Mac Result - app
Select 'Log ind i netbanken'.
Select 'Fortsæt'.
Select 'Godkend fra anden enhed'.
Open test-app and select 'Scan QR-kode'.
Select 'Fortsæt' in test-app to establish BLE connection with pc/Mac.
Wait for connection to be established.
Select 'Fortsæt' to authenticate with passkey and continue to test-app-approval.
Select 'Godkend' to authenticate with app-authenticator.
You are now logged in.

CT1: Registration on Windows pc

Test demonstrates how a code token user can use 'enhedslåsning' to install FIDO (Windows Hello) on his/her Windows pc.

The test does not involve the test-app, only a Windows pc and browser (Edge in this example).

Step Result - pc
Go to test self-service.
  • Select 'Opret testbruger' and click 'Opret'.
  • Click the clipboard icon to copy the username to the clipboard.
  • Finally click 'Registrer FIDO nøgle'.
  • On the key registration page, click 'Opret' to begin Windows Hello key registration.
  • In the pop-up, enter your Windows Hello pin code.
  • A receipt for key creation is shown. Click 'OK' to continue.
    Test self-service system shows receipt for saving the key.
  • Go to service provider page
  • Select 'Log ind i netbanken med Kodeviser'
  • Enter identity claim (CTRL-V, since you just copied it to clipboard above :) )
  • Select 'Fortsæt'
  • Client notices that you have a Windows Hello key. Since client is running on Windows, key is assumed to be here.

  • Select 'Godkend på denne låste enhed'.
  • Enter Windows Hello pin code.

    Note that the test-client does not require the user to enter a password; you are taken straight to the code token authenticator.

  • Enter your code token code - always 123456 here.
  • Select 'Fortsæt'
  • You are now logged in.

NB1: Cross device authentication without BLE

Users may find that they cannot perform cross-device authentication using BLE because corporate policies or hardware prevent the use of Bluetooth.

In this case, users may obtain FIDO phishing protection by registering a FIDO key on their pc/Mac and using app-approval by swipe. Since FIDO is used, there is no need to perform additional channel binding (QR/OTP) in this case.

This test case shows how to register a pc-key (Windows Hello) and use it in combination with the app.

Screenshots are from Edge, Windows 11 and iOS 18.

Step Result - pc/Mac Result - app
Create test identity as shown in PM1 test.
• Go to test self-service and select 'Opret loginnøgle'.
• Enter username and click 'Opret'.
• Perform Windows Hello authentication.
FIDO key is now registered.
Go to service provider page and enter username. Click 'Fortsæt'.
Click 'Godkend på denne låste enhed'.
Authenticate using Windows Hello.
Now open app to authenticate. Note that no QR/OTP is needed, since FIDO has already been used to ensure channel binding. Click 'Godkend' in app to complete authentication.
You are now logged in.
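
The reason the FIDO step in NB1 can replace QR/OTP channel binding is that a WebAuthn assertion names the origin the browser was on and the challenge of this login session, and the server rejects it if either differs. The sketch below is an added example, not code from the test setup described here; it shows those server-side checks on constructed, unsigned sample data. The origins, the RP ID, the function names and the policy of requiring user verification are assumptions, and signature verification is omitted.

```python
import base64
import hashlib
import json

UP, UV = 0x01, 0x04  # authenticator data flag bits: user present, user verified

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_errors(client_data_json, authenticator_data, challenge, origin, rp_id):
    """Return the names of failed WebAuthn binding checks (empty list = bound).
    The signature over authenticator_data || SHA-256(client_data_json) must
    also verify before these fields can be trusted; that step is omitted here."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    if client.get("challenge") != b64url(challenge):
        errors.append("challenge")  # assertion belongs to another login session
    if client.get("origin") != origin:
        errors.append("origin")  # browser was on a different site
    if len(authenticator_data) < 37:  # 32-byte hash + flags + 4-byte counter
        return errors + ["authenticator_data"]
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        errors.append("rp_id_hash")
    flags = authenticator_data[32]
    if not flags & UP:
        errors.append("user_present")
    if not flags & UV:  # assumed policy: PIN or biometric is required
        errors.append("user_verified")
    return errors

def make_sample(origin, challenge, rp_id, flags=UP | UV):
    """Build a constructed (unsigned) clientDataJSON / authenticatorData pair."""
    client = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return client, auth

if __name__ == "__main__":
    ch = b"session-challenge-0001"  # constructed; a real challenge is random
    site, rp = "https://broker.example", "broker.example"  # placeholder names
    good = make_sample(site, ch, rp)
    relayed = make_sample("https://broker-login.example", ch, rp)
    print(binding_errors(*good, ch, site, rp))
    print(binding_errors(*relayed, ch, site, rp))
```
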