WebAuthn / FIDO 2 Demo: Difference between revisions

From NIEF Wiki
Jump to navigation Jump to search
Line 19: Line 19:


[[File:key1.png|center|Cell phone screen shot of using the devices security key.]]
[[File:key1.png|center|Cell phone screen shot of using the devices security key.]]
In the above screenshot, the user would click "Get Started".  Your device should hopefully have an equally intuitive option.
Next you will be prompted to choose a method for using the key, essentially how the device will authenticate you and unlock the key on future use.  This will also vary greatly from device to device in terms of the options available.  And in some cases there will be no available mechanisms to use and an error may be generated.  On a typical 2020 android device this next screen looks like this:
[[File:key2.png|center|Cell phone screen shot of configuring the devices security key.]]
For the demo day, likely using the screenlock mechanism will be used unless additional devices are provided such as NFC based webauthn tokens or perhaps PIV-I card readers that work with mobile devices.

Revision as of 21:55, 21 February 2022

Intro

GTRI has deployed a very simplistic demo of the Duke University WebAuthn plugin for Shibboleth 4.1 in the NIEF Testbed environment. This page provides a short explanation of how to verify that demo works for your device.

Device Registration

From a web browser on the device you must go to the registration URL. With production usage this URL would require some sort of pre-existing authentication or only be available during some sort of in-person registration process. For this demo, it is simply open to the world:

https://assure.ref.gfipm.net/idp/webauthn/registration

This page will have a UI that looks like this:

Screen shot of the registration page
  1. Put in testuser01 for the Username.
  2. Put in any menaingful description for the the Device ID, such 'Tom Jane's iPhone'.
  3. Click Register device with WebAuthn

Device Authentication

Upon clicking the button, your device should present you it's user interface for enabling authentication. This will vary by device, and while it may work on desktops, it's less often supported then it is on mobile devices. The initial screenshot on a typical 2020 android device looks like this:

Cell phone screen shot of using the devices security key.

In the above screenshot, the user would click "Get Started". Your device should hopefully have an equally intuitive option.

Next you will be prompted to choose a method for using the key, essentially how the device will authenticate you and unlock the key on future use. This will also vary greatly from device to device in terms of the options available. And in some cases there will be no available mechanisms to use and an error may be generated. On a typical 2020 android device this next screen looks like this:

Cell phone screen shot of configuring the devices security key.

For the demo day, likely using the screenlock mechanism will be used unless additional devices are provided such as NFC based webauthn tokens or perhaps PIV-I card readers that work with mobile devices.