AWS Security ChangesHomeSearch

AWS dcv documentation change

Service: dcv · 2025-10-25 · Documentation low

File: dcv/latest/adminguide/config-webauthn-redirect.md

Summary

Restructured WebAuthn redirection documentation by removing detailed browser extension installation steps and adding links to platform-specific configuration guides

Security assessment

The changes reorganize existing security documentation about WebAuthn authentication but don't introduce new security features or address specific vulnerabilities. The removal of detailed Group Policy configuration steps and Incognito mode instructions suggests content was moved to dedicated platform-specific guides rather than addressing security flaws.

Diff

diff --git a/dcv/latest/adminguide/config-webauthn-redirect.md b/dcv/latest/adminguide/config-webauthn-redirect.md
index c41677c4a..a3a9b5977 100644
--- a//dcv/latest/adminguide/config-webauthn-redirect.md
+++ b//dcv/latest/adminguide/config-webauthn-redirect.md
@@ -5,2 +4,0 @@
-Setting Up the WebAuthn Redirection Browser Extension
-
@@ -9 +7 @@ Setting Up the WebAuthn Redirection Browser Extension
-Beginning with Amazon DCV Server 2023.1, users can authenticate web applications that use the Web Authentication (WebAuthn) standard in supported browsers within remote sessions. This is done by redirecting the authentication prompts to locally connected FIDO2 authenticators, such as Windows Hello or YubiKey, or any other FIDO2 compliant authenticator.
+Beginning with Amazon DCV Server 2023.1, users can authenticate on web applications that use the Web Authentication (WebAuthn) standard in supported browsers within remote sessions. This is done by redirecting the authentication prompts to locally connected authenticators, such as Windows Hello or YubiKey, or any other FIDO2 compliant authenticator.
@@ -15,44 +13 @@ Before using WebAuthn, double check the [Supported Features](./servers.html#feat
-Supported browsers:
-
-  * Google Chrome 116 or later
-
-  * Microsoft Edge 116 or later
-
-
-
-
-WebAuthn redirection can be enabled or disabled using the `webauthn-redirection` permission. For more information, see [Working with permissions files](./security-authorization-file-create.html). 
-
-WebAuthn redirection requires a browser extension to be installed on the remote server. When the feature is enabled and the browser extension is installed, any WebAuthn requests initiated by the web applications running in the browser within the session are seamlessly redirected to the local client. Users can then use utilize devices like Windows Hello or YubiKey to finalize the authentication.
-
-###### Note
-
-While this feature allows WebAuthn within a browser during a remote session, it does not support DCV session authentication using WebAuthn authenticators.
-
-## Setting Up the WebAuthn Redirection Browser Extension
-
-### Automatic Prompt on First Browser Launch
-
-After installing the Amazon DCV Server 2023.1 with WebAuthn redirection enabled, users will be prompted to enable the browser extension when they first launch their browser. If they choose not to install the extension or uninstall it later, WebAuthn redirection will not work. An administrator can enforce installation using the Group Policy.
-
-### Installing Using the Group Policy
-
-For organizations looking to deploy the extension on a broader scale, you can utilize the Group Policy.
-
-###### Using Microsoft Edge:
-
-  1. Download and install the [Microsoft Edge administrative template.](https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge#1-download-and-install-the-microsoft-edge-administrative-template)
-
-  2. Launch the Group Policy Management tool (gpmc.msc).
-
-  3. Navigate through: Forest > Domains > Your FQDN (e.g., example.com) > Group Policy Objects.
-
-  4. Select desired policy or create a new one then right-click on it and select "Edit".
-
-  5. Follow this path: Computer Configuration > Administrative Templates > Microsoft Edge > Extensions.
-
-  6. Access "Configure extension management settings", set it to "Enabled".
-
-  7. In the field for Configure extension management settings, enter the following: 
-    
-        {"ihejeaahjpbegmaaegiikmlphghlfmeh":{"installation_mode":"force_installed","update_url":"https://edge.microsoft.com/extensionwebstorebase/v1/crx"}}
+###### Topics
@@ -60 +15 @@ For organizations looking to deploy the extension on a broader scale, you can ut
-  8. Save the changes and reboot the server.
+  * [Configuring WebAuthn redirection on Windows hosts](./webauth-windows.html)
@@ -61,0 +17 @@ For organizations looking to deploy the extension on a broader scale, you can ut
+  * [Configuring WebAuthn redirection on Linux hosts](./webauth-linux.html)
@@ -65,40 +20,0 @@ For organizations looking to deploy the extension on a broader scale, you can ut
-###### Using Google Chrome:
-
-  1. Obtain and implement the [Google Chrome administrative template](https://chromeenterprise.google/browser/download/#manage-policies-tab)
-
-  2. Similar to the steps for Microsoft Edge, navigate through the Group Policy Management tool.
-
-  3. Proceed to: Computer Configuration > Administrative Templates > Google Chrome > Extensions.
-
-  4. Access "Configure extension management settings", set it to "Enabled".
-
-  5. In the field for Configure extension management settings, enter the following: 
-    
-        {"mmiioagbgnbojdbcjoddlefhmcocfpmn":{ "installation_mode":"force_installed","update_url":"https://clients2.google.com/service/update2/crx"}}
-
-  6. Save the changes and reboot the server.
-
-
-
-
-### Installing Manually
-
-Extensions can be sourced from the respective browser stores:
-
-  * [ Microsoft Edge Add-ons](https://microsoftedge.microsoft.com/addons/detail/dcv-webauthn-redirection-/ihejeaahjpbegmaaegiikmlphghlfmeh)
-
-  * [ Chrome Web Store](https://chrome.google.com/webstore/detail/dcv-webauthn-redirection/mmiioagbgnbojdbcjoddlefhmcocfpmn)
-
-
-
-
-For manual installation:
-
-  1. Connect to your Amazon DCV session.
-
-  2. Open your preferred browser, and navigate to the relevant browser store (links above).
-
-  3. Proceed by selecting "Get" (Microsoft Edge) or "Add to Chrome" (Google Chrome).
-
-  4. Follow the on-screen instructions. A confirmation will appear once the extension is successfully added.
-
@@ -105,0 +22 @@ For manual installation:
+WebAuthn is supported on Windows and Linux hosts, and on Windows, Mac and Linux clients.
@@ -106,0 +24 @@ For manual installation:
+  * Google Chrome 116 or later
@@ -108 +26 @@ For manual installation:
-### Using WebAuthn redirection in Incognito mode (Chrome only)
+  * Microsoft Edge 116 or later
@@ -110 +27,0 @@ For manual installation:
-When using Incognito mode, the Amazon DCV WebAuthn Redirection Extension needs to be specifically allowed to run within it, otherwise WebAuthn Redirection will not occur. To do this:
@@ -112 +28,0 @@ When using Incognito mode, the Amazon DCV WebAuthn Redirection Extension needs t
-  1. Open the extension settings.
@@ -114 +29,0 @@ When using Incognito mode, the Amazon DCV WebAuthn Redirection Extension needs t
-  2. Find **Allow in Incognito** in the details.
@@ -116 +31 @@ When using Incognito mode, the Amazon DCV WebAuthn Redirection Extension needs t
-  3. Toggle the switch to **On**.
+WebAuthn redirection can be enabled or disabled using the `webauthn-redirection` permission. For more information, see [Working with permissions files](./security-authorization-file-create.html). 
@@ -117,0 +33 @@ When using Incognito mode, the Amazon DCV WebAuthn Redirection Extension needs t
+WebAuthn redirection requires a browser extension to be installed on the remote server. When the feature is enabled and the browser extension is installed, any WebAuthn requests initiated by the web applications running in the browser within the session are seamlessly redirected to the local client. Users can then use utilize devices like Windows Hello or YubiKey to finalize the authentication.
@@ -118,0 +35 @@ When using Incognito mode, the Amazon DCV WebAuthn Redirection Extension needs t
+###### Note
@@ -119,0 +37 @@ When using Incognito mode, the Amazon DCV WebAuthn Redirection Extension needs t
+While this feature allows WebAuthn within a browser during a remote session, it does not support DCV session authentication using WebAuthn authenticators.
@@ -129 +47 @@ Configuring smart card caching
-Enabling session storage
+Configuring WebAuthn redirection on Windows hosts