Product Documentation

This project is a service provider web application written in JavaScript and Java to work with the FIDO(R) Certified StrongKey FIDO2 Server (SKFS), Community Edition.

Web application developers worldwide face multiple challenges in the near future: learning about FIDO2, coding in FIDO2, demonstrating to decision makers what FIDO2 can do for their company, and acquiring budgets and resources to transition to FIDO2 strong authentication. Unless many weeks (or months) are spent understanding how FIDO2 works, addressing all these challenges remains daunting.

StrongKey has released this project to the open-source community to address these challenges. It lets developers do the following:

  • Set up a FIDO2-enabled single-page web application that runs unmodified and demonstrates FIDO2 registration, authentication, and some simple client-side FIDO2 key management
  • Replace the stock graphics and logos with any company’s branding without additional programming: swap the image files and reload the application, then show peers and management what FIDO2 can do for the company and how the user experience (UX) might look in its most basic form
  • Learn how FIDO2 works, since all the code is available here in a web application framework
  • Use the FIDO(R) Certified, open-source FIDO2 server with the web application without having to anticipate deployment issues, as the FIDO2 Server proof of concept has already been deployed

While this web application shows how to use the W3C WebAuthn JavaScript API (WebAuthn is one of the two specifications that make up FIDO2, alongside CTAP), it is also intended to demonstrate how to use FIDO2 protocols with SKFS to enable strong authentication. Follow the instructions below to install this sample.

This example showcases the following sample applications:

  • SFAECO: E-commerce application to serve the requests sent by the Android app and the SFABOA
  • SFABOA: Sample FIDO e-commerce application (back end)
  • SFAKMA: FIDO-enabled key management application
  • Android: Sample Android native app and the Android client library for FIDO

Prerequisites

  • This service provider web application example must have a means of connecting with a StrongKey FIDO2 Server
  • Install a FIDO2 Server either on the same machine as the service provider web application or a different one
  • A Java web application server is required; these instructions assume Payara (GlassFish) is being used
  • These instructions assume the default ports for all the applications installed; Payara runs HTTPS on port 8181 by default, so make sure all firewall rules allow that port to be accessible

Installation Instructions for All the Applications Needed to Demonstrate the Android App and SSO

  1. If installing this sample application on a separate server, StrongKey's software stack must be installed to make it work. Follow these steps to do so:

    • Complete Steps 1–5 of the Installation Guide but come back here after completing Step 5
    • Edit the install-skfs.sh script in a text editor; on the line INSTALL_FIDO=Y, change the value of Y to N
    • Run the script install-skfs.sh
       sudo ./install-skfs.sh
  2. Continue with the steps under Installation Instructions on a Server with a FIDO2 Server on the SAME Server below. Those steps assume SKFS was installed on that server with an unmodified install-skfs.sh script (INSTALL_FIDO=Y).

Installation Instructions on a Server with a FIDO2 Server on the SAME Server

  1. First install the SFAECO. Follow the SFAECO Installation Guide instructions to download and install the latest version.

  2. The second application to be installed is SFABOA, which has to be installed on the same machine where SFAECO has been installed in the previous step. Follow the SFABOA Installation Guide instructions to download and install the latest version.

  3. The third application to be installed is SFAKMA. Follow the SFAKMA Installation Guide instructions to download and install the latest version.

  4. Now install the Android native app on an Android device. Follow the Android Native App Installation Guide instructions to download and install the latest version.

  5. All the required applications have been installed. Now enroll a user through your Android device and perform transactions.

  6. SFABOA is a web application that can now be used to view the transactions performed by the Android user, simulating 3DS:

    https://<FQDN-of-sfaboa-server>:8181/boa
    
  7. Register a user with the SFABOA application to view the transactions.

  8. To experience the SSO functionality, click the username at the top right, then click My Profile. This redirects to a second application, SFAKMA, which verifies the existing JWT that was created when the user logged into SFABOA and then displays the user's list of FIDO keys. If the JWT is invalid, the user is returned to the SFABOA login page.

Removal

To uninstall the sample service provider web application, follow the Removal instructions. If SFABOA was installed on top of SKFS, the cleanup script erases SKFS as well, and removing SKFS also removes the sample service provider web application and the sample WebAuthn client. If this was a standalone install, the cleanup script removes only the SFABOA application.

Contributing to the Sample Service Provider Web Application

If you would like to contribute to the Sample Service Provider Web Application project, please read CONTRIBUTING.md, then sign and submit the Contributor License Agreement (CLA).