Product Documentation

    Installation Instructions on a Server with a FIDO2 Server on a SEPARATE Server

    1. If installing this sample application on a separate server, StrongKey's software stack must be installed to make it work. Follow these steps to do so:

      • Complete Steps 1–5 of the FIDO server installation instructions but come back here after completing Step 5

      • Edit the install-skfs.sh script and find the POLICY_DOMAINS=ALL line.

        Update the value of the POLICY_DOMAINS variable from ALL to ONE.

      • Run the script install-skfs.sh

        sudo ./install-skfs.sh

      • Undeploy the fidoserver application

        asadmin undeploy fidoserver

    2. Continue the installation as shown under Installation Instructions on a Server with a FIDO2 Server on the SAME Server. Note that this assumes SKFS was previously installed on the server without modifying the install-skfs.sh script.

    Installation Instructions on a Server with a FIDO2 Server on the SAME Server

    1. Create the following directories to configure the WebAuthn servlet home folder:

      sudo mkdir -p /usr/local/strongkey/sfaeco/etc

    2. Create a configuration file for the service provider web application.

      sudo vi /usr/local/strongkey/sfaeco/etc/sfaeco-configuration.properties

    3. Enter the appropriate values (listed in []) to configure the sample application with SKFS and an email server (Gmail may also be used as the mail server with a personal Gmail account to send emails; access will need to be enabled through the Google account’s security settings). If the mail server has a self-signed certificate, make sure to import it in the GlassFish TrustStore before continuing.

      sfaeco.cfg.property.fido.origin=https://**[hostname of FIDO Server]**
sfaeco.cfg.property.fido.fqdn=https://**[hostname of FIDO Server]**:8181

      Save and exit.

    4. Download the service provider web application distribution sfaeco-vx-xx-dist.tgz:

      wget https://sourceforge.net/projects/strongkeyfido/files/v4.15.1/sampleapps/java/sacl/sfaeco/sfaeco-v4.15.1-dist.tgz

    5. Verify if sha256sum for the distribution matches 953dca0a99fb56728aa62697c39b44314c24b9d031f7c8ed705f58695e69ee47

      sha256sum sfaeco-v4.15.1-dist.tgz

    6. Extract the downloaded file to the current directory:

      tar xvzf sfaeco-v4.15.1-dist.tgz

    7. Execute the install-sfaeco.sh script as follows:

      sudo ./install-sfaeco.sh

    8. Test that the servlet is running by executing the following cURL command and confirming that the API Web Application Definition Language (WADL) file is returned in response.

      curl -k https://localhost:8181/sfaeco-web/rest/application.wadl

    Optional Configurations

    The default MariaDB and LDAP credentials used by the web application may be changed by performing the following steps:

    • Update the MariaDB password variables found in the install script prior to running it: install-sfaeco.sh

      MARIA_DEMODBUSER_PASSWORD=AbracaDabra
MARIA_ROOT_PASSWORD=BigKahuna

    • The LDAP service credentials used by the web application may be changed by setting the following configurations in the configuration file found at: /usr/local/strongkey/sfaeco/etc/sfaeco-configuration.properties

      sfaeco.cfg.property.fido.svcpassword=<non-default FIDO service password>

    NOTE: When making changes to any configuration files, the Payara server must be restarted for any changes to take effect. This can be done by running the following as the strongkey user:

    sudo systemctl restart payara

    Removal

    To uninstall the service provider sample web application, follow the Removal instructions. Removing SKFS also removes the sample service provider web application and sample WebAuthn client. If this SFABOA was installed on top of SKFS, the cleanup script will erase SKFS as well. If this was a standalone install, the cleanup script will only remove the SFABOA application.

    Contributing to the Sample Service Provider Web Application

    If you would like to contribute to the sample service provider web application project, please read CONTRIBUTING.md, then sign and submit the Contributor License Agreement (CLA).

    More Information on FIDO2

    For detailed information on the FIDO2 project, visit the technical specification:

    For more information on the originating jargon and related terms, visit the Internet Engineering Task Force (IETF) Request for Comments (RFC):

    Licensing

    This project is currently licensed under the GNU Lesser General Public License v2.1.