- Map Registration and Authentication requests
- User Creation and Deletion
- Host Interoperability Web App
- [node.js] - Server implementation
- [Express] - Node.js framework
-
Request FIDO conformance testing tool from FIDO Alliance.
-
Download and install the FIDO conformance testing tool.
-
Launch the application and select FIDO2 Server - MDS3 Tests.
-
Enter
https://localhost:4000as the server url.
Note: Tool (v1.6.42 experimental) will work only on macOS and Windows operating systems.
-
Download and start WSO2 identity server and login to the console. Alternatively login to Asgardeo for cloud setup.
-
Create a sample application for conformance testing.
fido2-compliance-adapter requires Node.js to run.
- Clone the github project.
git clone git@github.com:wso2-incubator/identity-fido2-compliance-adapter.git- Install dependencies by executing the following command.
cd /identity-fido2-compliance-adapter
npm install- Configure the adapter by adding following configs to the
config.jsonfile.
| Configuration | Description | Sample value |
|---|---|---|
clientID |
The client ID of the application created | ZECYcLyBtHDkLtpOSSXKF85jQ2sa |
clientSecret |
The client secret of the application created | 1_6rdIRx5U3F3mTyKL19vTW9lD0a |
host |
Host address of the server | 127.0.0.1 (api.asgardeo.io for cloud) |
tenantName |
Name of the tenant/ organization. Leave this empty if you're not configuring in a tenant environment | myorg |
redirectUri |
Redirect url provided for the created application | http://localhost.com:8080/pickup-dispatch/oauth2client |
basicAuthCredentials |
Base64 encoded username:password for the basic authentication (Only requires in on-prem setup) |
YWRtaW46YWRtaW4= |
authRequestRefererHost |
Referer host to be sent in the authentication request. Cannot use an ip address for this field | localhost (accounts.asg.io for cloud) |
userPassword |
Password for the adapter created user accounts. No need to change this value unless you have enforced different password policies. | User@123 |
isCloudSetup |
Boolean indicating whether you're running the adapter against cloud setup or on-prem setup | false |
bearerTokenGrantType |
Grant type required to obtain bearer token (Only requires in cloud setup) | |
bearerTokenClientId |
Client ID to obtain bearer token (Only requires in cloud setup) | |
bearerTokenUsername |
Username to obtain bearer token (Only requires in cloud setup) | |
bearerTokenPassword |
Password of the above provided user to obtain bearer token (Only requires in cloud setup) | |
bearerTokenScope |
Scope for the bearer token (Only requires in cloud setup) | |
userStoreDomain |
User store domain name (Only requires in cloud setup) |
-
Follow below commands to add certificates to the adapter.
-
Install openssl.
-
Generate certificate by executing the below command.
cd /security openssl req -nodes -new -x509 -keyout server.key -out server.cert- Allow unauthorized TLS by executing the below command.
export NODE_TLS_REJECT_UNAUTHORIZED='0'
-
-
Download
index.htmlfile from fido-interop-webapp repository and copy tosrc/app/interop-testingdirectory. -
Start the adapter by executing following command.
npm start- Download server metadata by clicking DOWNLOAD SERVER METADATA button. You are required to upload the extracted metadata files to the identity server inorder to pass metadata tests.
- Select the required test cases under Server Tests.
- Click RUN to start the testing process
-
Start WSO2 IS
-
Setup the sample application (Pickup-Dispatch App)
Refer WSO2 IS Deploying the Sample Applications documentation to deploy the pickup-dispatch webapp.
After successful deployment, enable login with FIDO2 for the deployed pickup-dispatch webapp. login to Management console
Username : admin Password : adminSelect
Service Providers -> List. Then click edit for the deployed application. Select Local & Outbound Authentication Configuration and click Local Authentication as fido.Add any claim configuration you prefer under Claim Configuration tab to enable consent page.
Update the settings and reload the WSO2 IS server.