Product Documentation

    This project is a basic service provider web application written in Java to work with StrongKey FIDO Server (SKFS), Community Edition. This project also includes sample JavaScript files providing a basic user interface to test FIDO2 registration and authentication.

    Prerequisites

    • This service provider web application example must have a means of connecting with a StrongKey FIDO2 Server; install a FIDO2 Server either on the same machine as a service provider web application or a different one
    • A Java web application server; these instructions are based on using Payara (GlassFish)
    • The instructions assume the default ports for all the applications installed; Payara runs HTTPS on port 8181 by default, all firewall rules allow that port to be accessible
    • The sample commands below assume this service provider web application is installed on the same machine where the StrongKey FIDO2 Server has been installed; if installing on a separate machine, the commands may have to be adjusted accordingly

    Installation Instructions

    1. Switch to (or login as) the strongkey user. The default password for the strongkey user is ShaZam123.

      su - strongkey

    2. Create the following directories to configure the WebAuthn servlet home folder.

      mkdir -p /usr/local/strongkey/webauthntutorial/etc

    3. Create a configuration file for the service provider web application to configure a FIDO2 Server.

      echo "webauthntutorial.cfg.property.apiuri=https://$(hostname):8181" > /usr/local/strongkey/webauthntutorial/etc/webauthntutorial-configuration.properties

    4. Download the service provider web application .war file basicdemo.war.

      wget https://sourceforge.net/projects/strongkeyfido/files/v4.17.0/sampleapps/java/basic/basicdemo.war

    5. Verify if sha256sum for the war file matches 5f0a78e1211a3689d00cc3f66b321725f96d18d7b9b7713f5c26783dd7db87a6

      sha256sum basicdemo.war

    6. Add the .war file to Payara.

      asadmin deploy basicdemo.war

    7. Test that the servlet is running by executing the following cURL command and confirming that the API Web Application Definition Language (WADL) file is returned in response.

      curl -k https://localhost:8181/basicdemo/fido2/application.wadl

    8. The application is deployed and can be accessed as follows in a browser:

      https://<FQDN-of-Policy-server>:8181/basicdemo

    Optional Configurations

    The LDAP service credentials used by the web application may be changed by setting the following configurations in the configuration file found at: /usr/local/strongkey/webauthntutorial/etc/webauthntutorial-configuration.properties

    webauthntutorial.cfg.property.fido2.service.defaultuser=<non-default FIDO service username>
webauthntutorial.cfg.property.fido2.service.defaultpassword=<non-default FIDO service password>

    NOTE: When making changes to any configuration files, the Payara server must be restarted for any changes to take effect. This can be done by running the following as the strongkey user:

    sudo systemctl restart payara

    Upgrade Instructions

    This project is a basic service provider web application written in Java to work with StrongKey's FIDO2 Server, Community Edition. This project also includes sample JavaScript files providing a basic user interface to test FIDO2 registration and authentication.

    1. Switch to (or login as) the strongkey user. The default password for the strongkey user is ShaZam123.

      su - strongkey

    2. Change the name of the configuration file.

      mv /usr/local/strongkey/webauthntutorial/etc/webauthntutorial.properties /usr/local/strongkey/webauthntutorial/etc/webauthntutorial-configuration.properties

    3. Open any text editor (Ex: vi) to edit the configuration file and update the "webauthntutorial.cfg.property.apiuri" property. (the /api is being removed at the end of the URL)

      webauthntutorial.cfg.property.apiuri=https://$(hostname):8181

    4. Download theservice provider web application .war file basicdemo.war.

      wget https://sourceforge.net/projects/strongkeyfido/files/v4.17.0/sampleapps/java/basic/basicdemo.war

    5. Undeploy the old version and deploy the new .war file to Payara.

      asadmin undeploy basicserver
asadmin deploy basicdemo.war

    6. Test that the servlet is running by executing the following cURL command and confirming that the API Web Application Definition Language (WADL) file is returned in response.

      curl -k https://<FQDN-of-Policy-server>:8181/basicdemo/fido2/application.wadl

    7. The application is deployed and can be accessed as follows in a browser:

      https://<FQDN-of-Policy-server>:8181/basicdemo

    Removal

    To uninstall the service provider sample web application, follow the uninstall instructions here. Removing SKFS also removes the sample service provider web application and sample WebAuthn client.

    Contributing to the Sample Service Provider Web Application

    If you would like to contribute to the sample service provider web application project, please read CONTRIBUTING.md, then sign and submit the Contributor License Agreement (CLA).

    Licensing

    This project is currently licensed under the GNU Lesser General Public License v2.1.