Upgrade doc for U2F deprecation (#2695)

doc/sources/admin/upgrade_2_0_x.rst

@@ -34,6 +34,16 @@ Security
 
 * **CVE-2021-40874**: RESTServer pwdConfirm always returns true with Combination + Kerberos (see `issue 2612 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612>`__)
 
+
+U2F deprecation in Chrome 98
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Chrome 98 `removed U2F support by default <https://developer.chrome.com/blog/deps-rems-95/#deprecate-u2f-api-cryptotoken>`__. You can enable them back temporarily in ``chrome://flags`` by setting *Enable the U2F Security Key API* to *Enabled* and *Enable a permission prompt for the U2F Security Key API* to *Disabled*
+
+LemonLDAP::NG provides a newer alternative: :doc:`webauthn2f`, which is compatible with U2F security keys. Please read :ref:`migrateu2ftowebauthn` for instructions on how to convert U2F secrets to WebAuthn.
+
+After migration, you will need to disable U2F from the configuration and enable WebAuthn instead, in *General Parameters* » *Second Factors* » *WebAuthn*
+
 Weak encryption used for password-protected SAML keys
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

doc/sources/admin/webauthn2f.rst

@@ -16,6 +16,16 @@ Currently, we implement:
 * Device registration without attestation validation (attestation type: *None*)
 * Authentication as a second factor with the registered device
 
+Requirements
+~~~~~~~~~~~~
+
+You need to install the `Authen::WebAuthn` CPAN module for WebAuthn to work on
+your LemonLDAP::NG installation. If there is no package for it in your
+distribution, you can install it with:
+
+```
+cpanm Authen::WebAuthn
+```
 
 Configuration
 ~~~~~~~~~~~~~
@@ -38,6 +48,9 @@ Configuration
   the choice screen
 - **Logo** (Optional): logo file *(in static/<skin> directory)*
 
+
+.. _migrateu2ftowebauthn:
+
 Migrating existing U2F devices
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~