Product Documentation

These instructions assume that the Fidopolicy application is being installed on the same machine/VM as the FIDO Server.

  1. Create the following directories to configure the WebAuthn servlet home folder.

    sudo mkdir -p /usr/local/strongkey/poc/etc
  2. Create a configuration file for the service provider web application.

    sudo vi /usr/local/strongkey/poc/etc/poc-configuration.properties
  3. Fill in the appropriate values (listed in [ ]) to configure the sample application with SKFS.

    poc.cfg.property.apiuri=https://[hostname of FIDO Server]:8181

    Save and exit.

  4. Download the service provider web application distribution fidopolicyserver-vx.xx-dist.tgz.

    wget https://sourceforge.net/projects/strongkeyfido/files/v4.15.1/sampleapps/java/fidopolicy/fidopolicyserver-v4.15.1-dist.tgz
  5. Verify that the SHA-256 checksum of the distribution matches 9eb701da348a2e490561c4b4cc21fb0284fe241225791ab33824b97592df0144. Do not continue if the values differ.

    sha256sum fidopolicyserver-v4.15.1-dist.tgz
  6. Extract the downloaded file to the current directory:

    tar xvzf fidopolicyserver-v4.15.1-dist.tgz
  7. Execute the install-fidopolicyserver.sh script as follows:

    sudo ./install-fidopolicyserver.sh
  8. Test that the servlet is running by executing the following cURL command and confirming that the API Web Application Description Language (WADL) file is returned in the response. The -k option makes cURL skip TLS certificate verification.

    curl -k https://localhost:8181/fidopolicyboa/fido2/application.wadl

At this point, the FIDO Policy BOA server is installed. Continue to install the front-end Angular application.

  1. Switch to (or log in as) the strongkey user. The default password for the strongkey user is ShaZam123.

    su - strongkey
  2. Download the web application distribution for the FIDO2 Server policy-ui-dist.tgz.

    wget https://sourceforge.net/projects/strongkeyfido/files/v4.15.1/sampleapps/java/fidopolicy/policy-ui-dist.tgz
  3. Verify that the SHA-256 checksum of the distribution matches b600b9e9b77055a92dd517ebc76c1a0815ca0ba6c0fbe27eda7411067a3db0c2. Do not continue if the values differ.

    sha256sum policy-ui-dist.tgz
  4. Extract the downloaded file.

    tar xvzf policy-ui-dist.tgz
  5. Create a directory in Payara named fidopolicy.

    mkdir -p /usr/local/strongkey/payara6/glassfish/domains/domain1/docroot/fidopolicy
  6. Copy all the files to the Payara docroot.

    cp -r dist/* /usr/local/strongkey/payara6/glassfish/domains/domain1/docroot/fidopolicy
  7. Enable port forwarding as root from port 443 to port 8181.

    firewall-cmd --zone=public --add-forward-port=port=443:proto=tcp:toport=8181 --permanent
    firewall-cmd --reload
  8. The application is deployed in docroot on the FIDO Policy BOA server. Access it as follows in a browser:

    https://<FQDN-of-Policy-server>/fidopolicy
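
The two checksum steps above (step 5 of the server installation and step 3 of the front-end installation) can be scripted so that tar never runs on an archive that fails verification. This is an added example, not part of the StrongKey distribution; the function names pinned_digest, verify_sha256 and verify_and_extract are hypothetical, and the digests are the ones given in those steps.

```shell
#!/bin/sh
# Added example (not from the StrongKey distribution): checksum-gated extraction.
# The digests are the two SHA-256 values given in the installation steps.

# pinned_digest NAME: print the expected digest for an archive, or return 1.
pinned_digest() {
    case "$1" in
        fidopolicyserver-v4.15.1-dist.tgz)
            echo 9eb701da348a2e490561c4b4cc21fb0284fe241225791ab33824b97592df0144 ;;
        policy-ui-dist.tgz)
            echo b600b9e9b77055a92dd517ebc76c1a0815ca0ba6c0fbe27eda7411067a3db0c2 ;;
        *) return 1 ;;
    esac
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unreadable file or malformed digest.
verify_sha256() {
    vs_file=$1
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A truncated or mistyped digest must never count as a match.
    if ! printf '%s' "$vs_expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "malformed SHA-256 digest supplied for $vs_file" >&2
        return 2
    fi
    if [ ! -r "$vs_file" ]; then
        echo "cannot read $vs_file" >&2
        return 2
    fi
    # Hash via stdin so an unusual file name cannot alter sha256sum's output.
    vs_actual=$(sha256sum < "$vs_file" | cut -d' ' -f1)
    if [ "$vs_actual" != "$vs_expected" ]; then
        echo "CHECKSUM MISMATCH: $vs_file has $vs_actual" >&2
        return 1
    fi
    echo "OK: $vs_file"
}

# verify_and_extract FILE [DEST_DIR]
# Runs tar only when FILE matches the digest pinned for its base name.
verify_and_extract() {
    ve_expected=$(pinned_digest "$(basename "$1")") || {
        echo "no pinned digest for $1" >&2
        return 2
    }
    verify_sha256 "$1" "$ve_expected" || return $?
    tar xzf "$1" -C "${2:-.}"
}
```

Calling verify_and_extract fidopolicyserver-v4.15.1-dist.tgz replaces the separate sha256sum and tar steps; a non-zero return status means nothing was extracted.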

Optional Configurations

The LDAP service credentials used by the web application may be changed by setting the following configurations in the configuration file found at: /usr/local/strongkey/poc/etc/poc-configuration.properties

poc.cfg.property.svcusername=<non-default FIDO service username>
poc.cfg.property.svcpassword=<non-default FIDO service password>
poc.cfg.property.skfs.adminusername=<non-default admin FIDO service username>
poc.cfg.property.skfs.adminpassword=<non-default admin FIDO service password>
poc.cfg.property.jwtpassword=<non-default JWT key password>

NOTE: When making changes to any configuration files, the Payara server must be restarted for any changes to take effect. This can be done by running the following as the strongkey user:

sudo systemctl restart payara