After upgrading from VIP Authentication Hub 3.3 to IDSP (formerly VIP Authentication Hub) 3.4, passkey authentication fails during the login process.

Although the passkey is visible in the Admin Console and exists within the user's local vault (e.g., iPhone Keychain), the browser returns a "No passkeys available" error.

Error Message:

No passkeys available
There aren't any passkeys for [domain] on this device.

IDSP 3.4.8 (and higher)

The issue is caused by a restrictive configuration in the "passkeyauthenticationtransport" property. 

When this property is explicitly set to "internal, hybrid", the system limits the authentication search to built-in platform authenticators (like TouchID) or cross-device QR code flows (1).

This can prevent the browser from accessing passkeys stored in cloud-synced vaults or external security keys if the transport metadata does not match the specific requirements of the upgraded IDSP 3.4 handler.

To restore compatibility across all passkey storage types, the transport restriction must be cleared to allow the browser to negotiate the best available method.

Steps to resolve:

1. Access the IDSP Configuration Manager through API.
2. Locate the property: "passkeyauthenticationtransport".
3. Modify the value to be empty/null:
   
       Old Value: "internal, hybrid"
    New Value: ""


4. Save the configuration and restart the IDSP services to apply changes.
5. Re-attempt the authentication flow; the browser should now correctly prompt for the existing passkey.

Leaving the transport property empty allows the widest range of authenticators to respond to the request.

Note:

In version 3.4, the passkey handling logic was updated to align with stricter WebAuthn specifications (2)(3).

1. Configuring Tenant Settings for Platform and Cross-Platform Authenticators
   
   
2. Release Notes - 3.4.2
   
   
3. Web Authentication and Passkeys