feat: Support Super Gluu one step authentication to Fido2 server #3593

Closed
yurem opened this issue Jan 10, 2023 · 1 comment
yurem commented Jan 10, 2023

Super Gluu is based on the U2F specification with a small extension. Instead of a physically connected device, Auth Server communicates with the Super Gluu mobile application via QR code or push messages. Also, Super Gluu has an extension to support one step authentication.

The current version of Super Gluu uses oxAuth U2F endpoints. In Jans we have a separate Fido2 server which supports both fido2/u2f specifications. We need to migrate Super Gluu to use the Fido2 server and deprecate oxAuth U2F endpoints.

One small change is needed for Super Gluu Mobile: it should try to get metadata from https://<server>/.well-known/fido-configuration as before; if this endpoint is missing, it should get it from https://<server>/.well-known/fido2-configuration.

Here are references for the one step changes we added to oxAuth U2F:

  1. GluuFederation/oxAuth@d1e3021#diff-5c39eb616277e16b2eb2dc627057549c73c025537f545aa1e1f04577efab40a7
  2. GluuFederation/oxAuth@bde0096#diff-113cb0fdfe862fdc4f09560a475ceb95dee107d7c5ae88bfb4e0df47e17e40f6

This is to explain where we added customizations to U2F.
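
The metadata lookup order described in this issue, sketched as an added Python example (not code from Super Gluu or Jans). It assumes "missing" means an HTTP 404 and treats any other failure as an error instead of falling back; `discover_metadata`, `http_get` and `DiscoveryError` are hypothetical names.

```python
import json
from urllib.error import HTTPError
from urllib.request import urlopen

# Paths named in the issue: legacy U2F metadata first, then the Fido2 server's.
DISCOVERY_PATHS = ("/.well-known/fido-configuration",
                   "/.well-known/fido2-configuration")


class DiscoveryError(Exception):
    """Metadata could not be obtained from either endpoint."""


def http_get(url, timeout=10):
    """Default fetcher (hypothetical helper): returns (status, body bytes)."""
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except HTTPError as err:
        return err.code, b""


def discover_metadata(server, fetch=http_get):
    """Return (url, metadata dict) from the first endpoint that serves it."""
    # Accept only a bare host[:port] so the caller cannot smuggle in a
    # path, userinfo or query that changes which URL is contacted.
    if not server or any(c in server for c in "/@?#\\ "):
        raise DiscoveryError("server must be a bare host[:port]")
    for path in DISCOVERY_PATHS:
        url = "https://" + server + path
        status, body = fetch(url)
        if status == 404:
            continue  # assumption: 404 is what "endpoint is missing" means
        if status != 200:
            # An outage or server error is not "missing": fail loudly
            # rather than silently switching endpoints.
            raise DiscoveryError(f"{url}: unexpected status {status}")
        try:
            doc = json.loads(body)
        except ValueError as exc:
            raise DiscoveryError(f"{url}: body is not JSON") from exc
        if not isinstance(doc, dict):
            raise DiscoveryError(f"{url}: metadata is not a JSON object")
        return url, doc
    raise DiscoveryError("no fido/fido2 configuration endpoint found")
```
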

@yurem yurem self-assigned this Jan 10, 2023
@mo-auto mo-auto added the kind-feature Issue or PR is a new feature request label Jan 10, 2023
@nynymike nynymike changed the title feat: add support super gluu one step authentication to Fido2 server feat: Support Super Gluu one step authentication to Fido2 server Jan 10, 2023
yurem added a commit that referenced this issue Jan 27, 2023
#3599)

* feat: Support Super Gluu one step authentication to Fido2 server #3593

* feat: add sample request/response for one/two steps

* feat: enrollment proxy for Super Gluu

* chore: allow to process Super Gluu auth request

* feat: add super gluu authentication flow support

* feat: update to conform Jans

* feat: update SG script and services to conform Fido2 server

* feat: add fido2 device registration services to jans-auth-server

* feat: full 2 step Super Gluu support

* feat: user filter to search user's devices for specific domain

* fix: super_gluu_script

* fix: super Gluu script

* feat: support one_step Super Gluu enrollment

* feat: clean up jans-auth-server static config

* Revert "fix: super_gluu_script"

This reverts commit f0e1713.

* Revert "fix: super Gluu script"

This reverts commit 20512c4.

* feat: super Gluu uses applicationId instead of applicationId domain

* feat: support Super Gluu one_step authentication

* feat: add separate base DN for one step auth requests

* feat: add super Gluu config option and disable its API by default

* feat: fixes in two step flow to conform latest API

* feat: move generic attributes to base bean

* feat: remove unused services

* chore: review script

* chore: code review

* chore: fix formatting

* feat: add missing base fido2 branch

* chore: code review

* chore: review validators

* feat: move Super Gluu adaptors code to separate services

* chore: optimizations

* chore: remove unused methods

* feat: remove U2F clean up jobs

* feat: more input parameters validations

* feat: final optimizations and fixes

Co-authored-by: Madhumita <madhu@gluu.org>

yurem commented Jan 27, 2023

Implemented
