Virtual Authenticator
A representation of the Web Authenticator model.
Web applications can enable a public key-based authentication mechanism known as Web Authentication to authenticate users in a passwordless manner. Web Authentication defines APIs that allows a user to create a public-key credential and register it with an authenticator. An authenticator can be a hardware device or a software entity that stores user’s public-key credentials and retrieves them on request.
As the name suggests, Virtual Authenticator emulates such authenticators for testing.
Virtual Authenticator Options
A Virtual Authenticatior has a set of properties. These properties are mapped as VirtualAuthenticatorOptions in the Selenium bindings.
new PKCS8EncodedKeySpec(Base64.getUrlDecoder().decode(base64EncodedEC256PK));
public WebDriver driver;
@BeforeEach
public void setup() {
driver = new ChromeDriver(); // Create virtual authenticator options
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.SetIsUserVerified(true)
.SetHasUserVerification(true)
.SetIsUserConsenting(true)
.SetTransport(VirtualAuthenticatorOptions.Transport.USB)
.SetProtocol(VirtualAuthenticatorOptions.Protocol.U2F)
.SetHasResidentKey(false); it('Virtual options', async function () {
options = new VirtualAuthenticatorOptions();
options.setIsUserVerified(true);
options.setHasUserVerification(true);
options.setIsUserConsenting(true);
options.setTransport(Transport['USB']);
options.setProtocol(Protocol['U2F']);Add Virtual Authenticator
It creates a new virtual authenticator with the provided properties.
@Test
public void testVirtualOptions() {
// Create virtual authenticator options
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.setIsUserVerified(true) // Create virtual authenticator options
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.SetProtocol(VirtualAuthenticatorOptions.Protocol.U2F)
.SetHasResidentKey(false);
// Register a virtual authenticator
((WebDriver)driver).AddVirtualAuthenticator(options);
List<Credential> credentialList = ((WebDriver)driver).GetCredentials(); options.setProtocol(Protocol['U2F']);
options.setHasResidentKey(false);
// Register a virtual authenticator
await driver.addVirtualAuthenticator(options);Remove Virtual Authenticator
Removes the previously added virtual authenticator.
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions() VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.SetProtocol(VirtualAuthenticatorOptions.Protocol.U2F)
.SetHasResidentKey(false);
String virtualAuthenticatorId = ((WebDriver)driver).AddVirtualAuthenticator(options);
((WebDriver)driver).RemoveVirtualAuthenticator(virtualAuthenticatorId); await driver.addVirtualAuthenticator(options);
await driver.removeVirtualAuthenticator();Create Resident Credential
Creates a resident (stateful) credential with the given required credential parameters.
public void testRemoveAuthenticator() {
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions();
VirtualAuthenticator authenticator =
((HasVirtualAuthenticator) driver).addVirtualAuthenticator(options); byte[] credentialId = { 1, 2, 3, 4 };
byte[] userHandle = { 1 };
Credential residentCredential = Credential.CreateResidentCredential(
credentialId, "localhost", base64EncodedPK, userHandle, 0);Create Non-Resident Credential
Creates a resident (stateless) credential with the given required credential parameters.
new PKCS8EncodedKeySpec(Base64.getUrlDecoder().decode(base64EncodedEC256PK));
byte[] credentialId = {1, 2, 3, 4}; byte[] credentialId = { 1, 2, 3, 4 };
Credential nonResidentCredential = Credential.CreateNonResidentCredential(
credentialId, "localhost", base64EncodedEC256PK, 0);Add Credential
Registers the credential with the authenticator.
.setProtocol(VirtualAuthenticatorOptions.Protocol.U2F)
.setHasResidentKey(true);
VirtualAuthenticator authenticator = ((HasVirtualAuthenticator) driver).addVirtualAuthenticator(options);
PKCS8EncodedKeySpec privateKey =
new PKCS8EncodedKeySpec(Base64.getUrlDecoder().decode(base64EncodedEC256PK));
byte[] credentialId = {1, 2, 3, 4};
byte[] userHandle = {1}; VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.SetProtocol(VirtualAuthenticatorOptions.Protocol.U2F)
.SetHasResidentKey(false);
((WebDriver)driver).AddVirtualAuthenticator(options);
byte[] credentialId = { 1, 2, 3, 4 };
Credential nonResidentCredential = Credential.CreateNonResidentCredential(
credentialId, "localhost", base64EncodedEC256PK, 0);
((WebDriver)driver).AddCredential(nonResidentCredential);Get Credential
Returns the list of credentials owned by the authenticator.
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.setProtocol(VirtualAuthenticatorOptions.Protocol.U2F)
.setHasResidentKey(false);
VirtualAuthenticator authenticator = ((HasVirtualAuthenticator) driver).addVirtualAuthenticator(options);
byte[] credentialId = {1, 2, 3, 4};
Credential nonResidentCredential = Credential.createNonResidentCredential(
credentialId, "localhost", ec256PrivateKey, /*signCount=*/0);
authenticator.addCredential(nonResidentCredential);
List<Credential> credentialList = authenticator.getCredentials();
Assertions.assertEquals(1, credentialList.size());
Credential credential = credentialList.get(0); VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.SetProtocol(Protocol.CTAP2)
.SetHasResidentKey(true)
.SetHasUserVerification(true)
.SetIsUserVerified(true);
((WebDriver)driver).AddVirtualAuthenticator(options);
byte[] credentialId = { 1, 2, 3, 4 };
byte[] userHandle = { 1 };
Credential residentCredential = Credential.CreateResidentCredential(
credentialId, "localhost", base64EncodedPK, userHandle, 0);
((WebDriver)driver).AddCredential(residentCredential);
List<Credential> credentialList = ((WebDriver)driver).GetCredentials();Remove Credential
Removes a credential from the authenticator based on the passed credential id.
.setIsUserVerified(true);
VirtualAuthenticator authenticator = ((HasVirtualAuthenticator) driver).addVirtualAuthenticator(options);
byte[] credentialId = {1, 2, 3, 4};
byte[] userHandle = {1};
Credential residentCredential = Credential.createResidentCredential(
credentialId, "localhost", rsaPrivateKey, userHandle, /*signCount=*/0);
authenticator.addCredential(residentCredential);
((WebDriver)driver).AddVirtualAuthenticator(new VirtualAuthenticatorOptions());
byte[] credentialId = { 1, 2, 3, 4 };
Credential nonResidentCredential = Credential.CreateNonResidentCredential(
credentialId, "localhost", base64EncodedEC256PK, 0);
((WebDriver)driver).AddCredential(nonResidentCredential);
((WebDriver)driver).RemoveCredential(credentialId);Remove All Credentials
Removes all the credentials from the authenticator.
Assertions.assertArrayEquals(rsaPrivateKey.getEncoded(), credential.getPrivateKey().getEncoded());
}
@Test
public void testRemoveCredential() {
VirtualAuthenticator authenticator =
((HasVirtualAuthenticator) driver).addVirtualAuthenticator(new VirtualAuthenticatorOptions());
byte[] credentialId = {1, 2, 3, 4};
Credential credential = Credential.createNonResidentCredential( ((WebDriver)driver).AddVirtualAuthenticator(new VirtualAuthenticatorOptions());
byte[] credentialId = { 1, 2, 3, 4 };
Credential nonResidentCredential = Credential.CreateNonResidentCredential(
credentialId, "localhost", base64EncodedEC256PK, 0);
((WebDriver)driver).AddCredential(nonResidentCredential);
((WebDriver)driver).RemoveAllCredentials();Set User Verified
Sets whether the authenticator will simulate success or fail on user verification.
Assertions.assertEquals(0, authenticator.getCredentials().size());
} VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.SetIsUserVerified(true);
Last modified May 15, 2023: Java use Base Test class where possible (#1384) (1722cc599d)
