Product Documentation

    This section explains the usage of the SKFS Policy Module.

    NOTE: This document refers to this process as “registering a FIDO device.” This is to indicate the generation of a new and unique cryptographic key pair and the public key of that pair being registered with the website.

     This project is a service provider web application written in JavaScript and Java to work with StrongKey's FIDO® Certified FIDO2 Server, Community Edition.

    Web application developers worldwide face multiple challenges in the near future: learning about FIDO2, coding in FIDO2, demonstrating to decision makers what FIDO2 can do for their company, and acquiring budgets and resources to transition to FIDO2 strong authentication. Unless one spends many weeks (or months) understanding how FIDO2 works, addressing all these challenges remains daunting.

         StrongKey has released this project to the open-source community to address these challenges. The FIDO2 server allows developers to do the following:

    • Setup a FIDO2-enabled single-page web application that can run unmodified and demonstrate FIDO2 registration, authentication, and some simple FIDO2 key management on the client side
    • Substitute the stock graphics and logo with custom graphics and logo without additional programming—just replace the graphic image files and reload the application; this allows one to demonstrate to peers and management what FIDO2 can do for the company, and how the user experience (UX) might look in its basic form
    • Learn how FIDO2 works; all the code is available here in a web application framework
    • Use the FIDO® Certified, open-source FIDO2 server seamlessly with a web application, avoiding deployment issues. By deploying this FIDO2 server proof of concept, one will be a step ahead.

    While this web application demonstrates how to use W3C's WebAuthn (a subset of the FIDO2 specification) JavaScript, it is also intended to demonstrate how to use FIDO2 protocols with SKFS to enable strong authentication.

    Prerequisites for the Policy Module Java Application

    This service provider web application example must have a means of connecting with a StrongKey FIDO Server. Install the SKFS either on the same machine as the service provider web application or a different one.

    A Java web application server is required. These instructions assume Payara (GlassFish) is being used.

    The instructions assume the default ports for all the applications installed; Payara runs HTTPS on port 8181 by default, so make sure all firewall rules allow that port to be accessible.