Merge pull request #6136 from ImalshaD/idp_add_fido2_timeout

AfraHussaindeen · web-flow · commit cffae2011bc2 · 2026-05-14T09:48:13.000+05:30
Add fido2 user response timeout docs.
diff --git a/en/identity-server/7.2.0/docs/_data/configuration_catalog.yaml b/en/identity-server/7.2.0/docs/_data/configuration_catalog.yaml
@@ -1712,6 +1712,21 @@ sections:
 
   # ─────────────────────────── FIDO / PASSKEYS ───────────────────────────
 
+  - id: fido
+    hyperlink: fido
+    title: FIDO
+    tasks: [configure-fido]
+    description: >
+      Configures general FIDO/WebAuthn settings such as the user response timeout for FIDO2 device registration.
+
+    configs:
+      - key: user_response_timeout
+        type: string
+        required: false
+        default: "300000"
+        description: >
+          The time in milliseconds sent as a hint to the browser for how long to wait for the user to interact with their FIDO2 authenticator during device registration. This timeout is enforced by the browser, not the server, and applies only to FIDO2 device registration (not authentication).
+
   - id: fido.metadata_service
     hyperlink: fido-metadata-service
     title: FIDO metadata service
diff --git a/en/identity-server/next/docs/_data/configuration_catalog.yaml b/en/identity-server/next/docs/_data/configuration_catalog.yaml
@@ -2666,6 +2666,21 @@ sections:
 
   # ─────────────────────────── FIDO / PASSKEYS ───────────────────────────
 
+  - id: fido
+    hyperlink: fido
+    title: FIDO
+    tasks: [configure-fido]
+    description: >
+      Configures general FIDO/WebAuthn settings such as the user response timeout for FIDO2 device registration.
+
+    configs:
+      - key: user_response_timeout
+        type: string
+        required: false
+        default: "300000"
+        description: >
+          The time in milliseconds sent as a hint to the browser for how long to wait for the user to interact with their FIDO2 authenticator during device registration. This timeout is enforced by the browser, not the server, and applies only to FIDO2 device registration (not authentication).
+
   - id: fido.metadata_service
     hyperlink: fido-metadata-service
     title: FIDO metadata service
diff --git a/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md b/en/includes/guides/authentication/passwordless-login/add-passwordless-login-with-passkey.md
@@ -186,4 +186,29 @@ To enable this restriction, add the following configuration to the `<IS_HOME>/re
 
 {% endif %}
 
+{% if is_version is defined and is_version >= "7.1.0" %}
+
+## Configure FIDO user response timeout
+
+During FIDO2 device registration, {{ product_name }} sends a timeout hint to the browser indicating how long it should wait for the user to interact with their FIDO2 authenticator. By default, this is set to **300000 milliseconds (5 minutes)**.
+
+!!! note
+    This timeout is enforced by the browser, not by {{ product_name }}, and only applies to **device registration**. It does not affect the authentication flow. Some browsers may override this value based on their own policies.
+
+To change this timeout, add the following configuration to the `<IS_HOME>/repository/conf/deployment.toml` file.
+
+  ```toml
+    [fido]
+    user_response_timeout = "<timeout_in_milliseconds>"
+  ```
+
+For example, to set the timeout to 2 minutes:
+
+  ```toml
+    [fido]
+    user_response_timeout = "120000"
+  ```
+
+{% endif %}
+
 {% include "./fido-trusted-applications.md" %}
