
Installation Instructions on a Server with a FIDO2 Server on a SEPARATE Server

  1. If installing this sample application on a separate server, StrongKey's software stack must be installed to make it work. Follow these steps to do so:

    • Complete Steps 1–5 of the FIDO Server Installation Instructions, then return here after completing Step 5

    • Edit the install-skfs.sh script in a text editor; on the line INSTALL_FIDO=Y, change the value of Y to N

    • Run the script install-skfs.sh

       sudo ./install-skfs.sh
  2. Continue the installation as shown under Installation Instructions on a Server with a FIDO2 Server on the SAME Server. Note that this assumes SKFS was previously installed on the server without modifying the install-skfs.sh script.

Installation Instructions on a Server with a FIDO2 Server on the SAME Server

  1. Create the following directories to configure the WebAuthn servlet home folder:

    sudo mkdir -p /usr/local/strongkey/sfakma/etc
  2. Create a configuration file for the service provider web application.

    sudo vi /usr/local/strongkey/sfakma/etc/sfakma-configuration.properties
  3. Enter the appropriate values (listed in []) to configure the sample application with an SKFS instance and an email server. Gmail may also be used as the mail server with a personal Gmail account; enable access through the Google account’s security settings. If the mail server has a self-signed certificate, import it into the GlassFish TrustStore before continuing.

    sfakma.cfg.property.apiuri=https://[hostname of FIDO Server]:8181
    sfakma.cfg.property.mailhost.type=[SendMail or SSL or StartTLS]
    sfakma.cfg.property.mailhost=[localhost or hostname of mailhost]
    sfakma.cfg.property.mail.smtp.port=[25 (SendMail) or mail server's port]
    sfakma.cfg.property.smtp.from=[local-part of email address]
    sfakma.cfg.property.smtp.fromName=[Human readable name associated with email]
    sfakma.cfg.property.smtp.auth.user=[Username used to login to mail server]
    sfakma.cfg.property.smtp.auth.password=[Password used to login to mail server]
    sfakma.cfg.property.email.subject=Verify your email address
    sfakma.cfg.property.email.type=HTML
    

    Save and exit.

  4. Download the service provider web application distribution - sfakmaserver-vx-xx-dist.tgz:

    wget https://sourceforge.net/projects/strongkeyfido/files/v4.13.2/sampleapps/java/sacl/sfakma/sfakmaserver-v4.13.2-dist.tgz
  5. Verify that the SHA-256 checksum of the distribution matches 4c27cc3ee371aa8d6407907b46da5ecc3c9825e8b86a70a54d345198d53fe386:

    sha256sum sfakmaserver-v4.13.2-dist.tgz
  6. Extract the downloaded file to the current directory:

    tar xvzf sfakmaserver-v4.13.2-dist.tgz
  7. Execute the install-sfakmaserver.sh script as follows:

    sudo ./install-sfakmaserver.sh
  8. Test that the servlet is running by executing the following cURL command and confirming that the API Web Application Description Language (WADL) file is returned in response.

    curl -k https://localhost:8181/sfakma/fido2/application.wadl

    The SFAKMA server is installed. Continue to install the front-end Angular application.

  9. Switch users to (or log in as) the strongkey user. The default password for the strongkey user is ShaZam123.

    su - strongkey
    
  10. Download the web application distribution for SKFS - sfakma-ui-dist.tar.gz.

    wget https://sourceforge.net/projects/strongkeyfido/files/v4.13.2/sampleapps/java/sacl/sfakma/sfakma-ui-dist.tar.gz
    
  11. Verify that the SHA-256 checksum of the distribution matches 79a26e404045094ccfff31d42bdec1fabd8fd09c3b5a8d02d841a05c9a0bce58:

    sha256sum sfakma-ui-dist.tar.gz
  12. Extract the downloaded file.

    tar xvzf sfakma-ui-dist.tar.gz
    
  13. Copy all the files to the Payara docroot.

    mkdir /usr/local/strongkey/payara6/glassfish/domains/domain1/docroot/kma
    cp -r dist/* /usr/local/strongkey/payara6/glassfish/domains/domain1/docroot/kma
    
  14. Optional: Modify the background image and the logo image.

    cp <your background> /usr/local/strongkey/payara6/glassfish/domains/domain1/docroot/assets/app/media/img/bg/background.jpg
    cp <your logo> /usr/local/strongkey/payara6/glassfish/domains/domain1/docroot/assets/app/media/img/logo/logo.png
    
  15. The application is deployed in docroot on the SFAKMA server. Access it as follows in a browser:

    https://<FQDN-of-sfakma-server>:8181/kma
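
Added example, not part of StrongKey's documentation or code: a pre-flight script for steps 3, 5 and 11 above that rejects a download whose SHA-256 differs from the published value and lints sfakma-configuration.properties for leftover placeholders. The function names are hypothetical, and treating every key from step 3 as required is an assumption.

```shell
#!/bin/sh
# Added example (not StrongKey's code): pre-flight checks for steps 3, 5 and 11.
# Function names are hypothetical; needs POSIX sh, sha256sum and awk.

# verify_sha256 FILE EXPECTED_HEX: succeeds only when the digests are equal.
verify_sha256() (
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 2; }
    actual=$(sha256sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ "$actual" = "$expected" ] && exit 0
    echo "SHA-256 mismatch for $1: expected $expected, got $actual" >&2
    exit 1
)

# cfg_get FILE KEY: print the value of the first exact "KEY=" line.
cfg_get() {
    awk -v k="$2" '{ sub(/^[ \t]+/, "") }
        index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$1"
}

# check_config FILE: succeeds when every key from step 3 is set, no
# "[placeholder]" text is left, and the typed fields hold a listed value.
check_config() (
    cfg=$1; p=sfakma.cfg.property; rc=0
    fail() { echo "$cfg: $1" >&2; rc=1; }
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; exit 2; }
    for key in apiuri mailhost.type mailhost mail.smtp.port smtp.from \
               smtp.fromName smtp.auth.user smtp.auth.password \
               email.subject email.type; do
        val=$(cfg_get "$cfg" "$p.$key")
        case $val in
            '')      fail "$key is missing or empty" ;;
            *\[*\]*) fail "$key still contains a [placeholder]" ;;
        esac
    done
    case $(cfg_get "$cfg" "$p.apiuri") in
        https://?*) ;;
        *) fail "apiuri must be an https:// URL" ;;
    esac
    case $(cfg_get "$cfg" "$p.mailhost.type") in
        SendMail|SSL|StartTLS) ;;
        *) fail "mailhost.type must be SendMail, SSL or StartTLS" ;;
    esac
    case $(cfg_get "$cfg" "$p.mail.smtp.port") in
        ''|*[!0-9]*) fail "mail.smtp.port must be numeric" ;;
    esac
    exit "$rc"
)
```

Source the script, then call verify_sha256 with the file name and the hash from step 5 or step 11 before running tar, and check_config on the file from step 2 before running install-sfakmaserver.sh. Any value that legitimately contains both [ and ] (for example a password) is reported as a placeholder and needs a manual look.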
    

Removal

To uninstall the service provider sample web application, follow the Removal instructions. Removing SKFS also removes the sample service provider web application and sample WebAuthn client. If this SFAKMA was installed on top of SKFS, the cleanup script will erase SKFS as well. If this was a standalone install, the cleanup script will only remove the SFAKMA application.

Contributing to the Sample Service Provider Web Application

If you would like to contribute to the sample service provider web application project, please read CONTRIBUTING.md, then sign and submit the Contributor License Agreement (CLA).

More Information on FIDO2

For detailed information on the FIDO2 project, visit the technical specification:

For more information on the originating jargon and related terms, visit the Internet Engineering Task Force (IETF) Request for Comments (RFC):

Licensing

This project is currently licensed under the GNU Lesser General Public License v2.1.