diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb
index e6919d46..a25b0435 100644
--- a/spec/unit/puppet/type/keycloak_realm_spec.rb
+++ b/spec/unit/puppet/type/keycloak_realm_spec.rb
@@ -62,11 +62,63 @@
     max_failure_wait_seconds: 900,
     minimum_quick_login_wait_seconds: 60,
     wait_increment_seconds: 60,
-    quick_login_check_milli_seconds: 1000,
-    max_delta_time_seconds: 43200,
+    quick_login_check_milli_seconds: 1_000,
+    max_delta_time_seconds: 43_200,
     failure_factor: 30,
+    web_authn_policy_rp_entity_name: 'keycloak',
+    web_authn_policy_signature_algorithms: ['ES256'],
+    web_authn_policy_rp_id: '',
+    web_authn_policy_attestation_conveyance_preference: 'not specified',
+    web_authn_policy_authenticator_attachment: 'not specified',
+    web_authn_policy_require_resident_key: 'not specified',
+    web_authn_policy_user_verification_requirement: 'not specified',
+    web_authn_policy_create_timeout: 0,
+    web_authn_policy_avoid_same_authenticator_register: :false,
+    web_authn_policy_acceptable_aaguids: [],
   }
 
+  # Test enumerable properties
+  describe 'enumerable properties' do
+    {
+      web_authn_policy_attestation_conveyance_preference: %w[none indirect direct],
+      web_authn_policy_authenticator_attachment: %w[platform cross-platform],
+      web_authn_policy_require_resident_key: %w[Yes No],
+      web_authn_policy_user_verification_requirement: %w[required preferred discouraged]
+    }.each do |p, values|
+      values.each do |v|
+        it "accepts #{v} for #{p}" do
+          config[p] = v
+          expect(resource[p]).to eq(v)
+        end
+      end
+
+      it "does not accept foo for #{p}" do
+        config[p] = 'foo'
+        expect {
+          resource
+        }.to raise_error(%r{foo})
+      end
+
+      it "does not accept empty for #{p}" do
+        config[p] = ''
+        expect {
+          resource
+        }.to raise_error(%r{''})
+      end
+
+      it "does not accept nil for #{p}" do
+        config[p] = nil
+        expect {
+          resource
+        }.to raise_error(%r{nil})
+      end
+
+      it "has default for #{p}" do
+        expect(resource[p]).to eq(defaults[p])
+      end
+    end
+  end
+
   describe 'basic properties' do
     # Test basic properties
     [
@@ -92,7 +144,9 @@
       :smtp_server_from_display_name,
       :smtp_server_reply_to,
       :smtp_server_reply_to_display_name,
-      :default_locale
+      :default_locale,
+      :web_authn_policy_rp_entity_name,
+      :web_authn_policy_rp_id
     ].each do |p|
       it "accepts a #{p}" do
         config[p] = 'foo'
@@ -130,6 +184,7 @@
       :quick_login_check_milli_seconds,
       :max_delta_time_seconds,
       :failure_factor,
+      :web_authn_policy_create_timeout
     ].each do |p|
       it "accepts a #{p}" do
         config[p] = 100
@@ -165,7 +220,7 @@
       :smtp_server_ssl,
       :brute_force_protected,
       :offline_session_max_lifespan_enabled,
-      :permanent_lockout,
+      :permanent_lockout
     ].each do |p|
       it "accepts true for #{p}" do
         config[p] = true
@@ -209,7 +264,9 @@
       :optional_client_scopes,
       :events_listeners,
       :supported_locales,
-      :roles
+      :roles,
+      :web_authn_policy_create_timeout,
+      :web_authn_policy_acceptable_aaguids
     ].each do |p|
       it "accepts array for #{p}" do
         config[p] = ['foo', 'bar']