Product Documentation

    This project is a basic service provider web application written in Java to work with StrongKey FIDO Server (SKFS), Community Edition. This project also includes sample JavaScript files providing a basic user interface to test FIDO2 registration and authentication.

    Prerequisites

    • This service provider web application example must have a means of connecting with a StrongKey FIDO2 Server; install a FIDO2 Server either on the same machine as a service provider web application or a different one
    • A Java web application server; these instructions are based on using Payara (GlassFish)
    • The instructions assume the default ports for all the applications installed; Payara runs HTTPS on port 8181 by default, all firewall rules allow that port to be accessible
    • The sample commands below assume this service provider web application is installed on the same machine where the StrongKey FIDO2 Server has been installed; if installing on a separate machine, the commands may have to be adjusted accordingly

    Installation Instructions

    1. Switch to (or login as) the strongkey user. The default password for the strongkey user is ShaZam123.

      su - strongkey

    2. Create the following directories to configure the WebAuthn servlet home folder.

      mkdir -p /usr/local/strongkey/webauthntutorial/etc

    3. Create a configuration file for the service provider web application to configure a FIDO2 Server.

      echo "webauthntutorial.cfg.property.apiuri=https://$(hostname):8181" > /usr/local/strongkey/webauthntutorial/etc/webauthntutorial-configuration.properties

    4. Download the service provider web application .war file basicdemo.war.

      wget https://sourceforge.net/projects/strongkeyfido/files/v4.13.2/sampleapps/java/basic/basicdemo.war

    5. Verify if sha256sum for the war file matches ea637d3b58037a45b9a1e786dddf45aae0ebfe0f77c175b562c0335beb12368a

      shell> sha256sum basicdemo.war

    6. Add the .war file to Payara.

      asadmin deploy basicdemo.war

    7. Test that the servlet is running by executing the following cURL command and confirming that the API Web Application Definition Language (WADL) file is returned in response.

      curl -k https://localhost:8181/basicdemo/fido2/application.wadl

    8. The application is deployed and can be accessed as follows in a browser:

      https://<FQDN-of-Policy-server>:8181/basicdemo

    Upgrade Instructions

    This project is a basic service provider web application written in Java to work with StrongKey's FIDO2 Server, Community Edition. This project also includes sample JavaScript files providing a basic user interface to test FIDO2 registration and authentication.

    1. Switch to (or login as) the strongkey user. The default password for the strongkey user is ShaZam123.

      su - strongkey

    2. Change the name of the configuration file.

      mv /usr/local/strongkey/webauthntutorial/etc/webauthntutorial.properties /usr/local/strongkey/webauthntutorial/etc/webauthntutorial-configuration.properties

    3. Open any text editor (Ex: vi) to edit the configuration file and update the "webauthntutorial.cfg.property.apiuri" property. (the /api is being removed at the end of the URL)

      webauthntutorial.cfg.property.apiuri=https://$(hostname):8181

    4. Download theservice provider web application .war file basicdemo.war.

      wget https://sourceforge.net/projects/strongkeyfido/files/v4.13.2/sampleapps/java/basic/basicdemo.war

    5. Undeploy the old version and deploy the new .war file to Payara.

      asadmin undeploy basicserver
asadmin deploy basicdemo.war

    6. Test that the servlet is running by executing the following cURL command and confirming that the API Web Application Definition Language (WADL) file is returned in response.

      curl -k https://<FQDN-of-Policy-server>:8181/basicdemo/fido2/application.wadl

    7. The application is deployed and can be accessed as follows in a browser:

      https://<FQDN-of-Policy-server>:8181/basicdemo

    Removal

    To uninstall the service provider sample web application, follow the uninstall instructions here. Removing SKFS also removes the sample service provider web application and sample WebAuthn client.

    Contributing to the Sample Service Provider Web Application

    If you would like to contribute to the sample service provider web application project, please read CONTRIBUTING.md, then sign and submit the Contributor License Agreement (CLA).

    Licensing

    This project is currently licensed under the GNU Lesser General Public License v2.1.