If a computer is used by several people, it is essential that each user has their own local user account.
No MFA login may be set up with a technical account.
Important notice:
Passkey web application does not currently offer support for the Linux system.
To set up Passkey, we recommend that you use KeePassXC.
You will need a valid user account (BA number + corresponding password) and a codematrix (/en/its/dienstleistungen/iam/weblogin/shibboleth/mfa-codematrix-set-up-english/).
If you have enabled MFA, you must use it to log in to all devices. We recommendthat you perform the setup on all devices and set up at least 2 devices, as the codematrix does not need to be used for a new setup if one device is broken.
You need at least the Linux Ubuntu 22.04.4 LTS version to be able to carry out thesetup.
We recommend one of the following browser versions:
Google Chrome for Linux (web browser 126.0.6478.126 (official build)(64-bit))
Mozila Firefox Version 127.0.2 (64-Bit) Snap for Ubuntu canonical-002 - 1.0
Install KeePassXC for the desktop
To be able to use KeePassXC, we recommend that you download KeePassXC for Linux Desktops via the DOWNLOAD APPIMAGE button. To install KeePassXC afterwards, open a terminal window and enter the following commands:
cd ~/Downloads/ sudo apt install keepassxc
The next step is to create a new database in the program.
In the installed KeePassXC desktop version, open the menu. There you can go to New database via the Database option. Enter the desired database name here and click Next. Then click through the next steps by confirming with Next.
Now create a password that is rated as at least good or secure and confirm with Done. Finally, save the new database under Administrator computer.
Figure 3: Creating a database in the KeepassXC app
Note!
The password that you set up to unlock the KeePassXC should not be the same password that you use for the BA number or contain parts of the BA number.
Figure 5: Activate browser integration, General menu
Figure 6: Activate browser integration, advanced
Next, open the Tools option in the menu. Go to Browser integration via Settings and then to Activate browser integration. Now select the browser (we recommend Google Chrome) that you want to use and activate the points in the General tab:
Request correspondence if the database is locked
Compare URL scheme
Select the following points in the Advanced tab:
Also extended attributes Displays beginning with “KPH: ”
Allow use of localhost with passkeys
Update native messaging manifest at startup
Finally, confirm with OK.
Passkey setup with Chrome web browser
In the next step, you will find the web browser extensions.
You will find three bars in the top right-hand corner of the web browser. After you have opened these, follow the Extensions option. Then open Manage extensions so that the KeePass browser option appears. Add it to the web browser via Add and confirm in the opened window with Add extension.
Open the web browser and navigate to My Extensions via the Extensions menu to make sure that it is already activated and activate the Enable Passkey checkbox under General Settings under Passkeys. Next, follow the step to install KeepassXC for the desktop.
Passkey setup with Firefox web browser
Roll out passkey
To roll out the passkey, open the web application IAM-Portal - Create registration code.
Figure 7: Create registration code in the IAM portal Menu
The code matrix and the registration code should be displayed for selection as a registration option.
Copy the registration code from the IAM-Portal, enter it in the field on the Getpasskey and click on Check.
[Translate to English:] Abbildung 8: Anmelden bei Passkeys Uni-Bamberg durch Shibboleth
Select the menu item Roll out token.
As you have to roll out a passkey for each device, it is advisable to define a description accordingly.
Therefore, assign an appropriate name under Description, such as “Linux login”. Confirm this with Roll out token.
The temporary pop-up message “getpasskey.iam.uni-bamberg.de requests extended information...” will then be displayed. Please select the “Allow” option promptly. Otherwise the token will be deactivated and deleted.
Figure 9: Rolling out the token and confirming the notification
Then confirm the process in KeepassXC by clicking the Authenticate button.
Figure 11: Confirm authentication in KeePassXC Desktop
If the passkey has been successfully stored, you will receive the message The token has been rolled out in the next window.
Manage passkey
Passkeys are managed via the IAM portal (iam.uni-bamberg.de). You can deactivate or delete your passkeys under the Manage passkeys menu item. Please note that the corresponding passkey must be deleted immediately if the device is lost or stolen.
Figure 12: Managing passkeys in the IAM portal
Emergency registration with code matrix
Please only use the code matrix in an emergency and if you are sure that the passkey login is not available. Follow the steps on the page Information about Codematrix. There you will find the link to the detailed instructions.
![[Translate to English:] Abbildung 8: Anmelden bei Passkeys Uni-Bamberg durch Shibboleth](/fileadmin/_processed_/e/e/csm_Passkey_anmeldung_1_f32e11f65f.webp "[Translate to English:] Anmelden bei Passkeys Uni-Bamberg")
