Sorry for late reply. Finally found some time to try this out. It works
pretty well for me, but here's a few discussion points:
* Don't require clicking "Authenticate" button, it's confusing and
should
happen automatically
* Use a required action for registration, not an authenticator and custom
registration flow. This fits better with the future plans of application
initiated actions, and also allows users not self-registered.
* Don't use custom table for credentials. I see it's marked as an open
issue, but just wanted to mention it again. Custom entities are not
supported, this has issues with hot-deployment and I don't want to have to
add additional tables for each credential type.
* Problems on re-build/deploy as mentioned in open issues is related to two
things I think. Firstly, the above with regards to custom entities.
Secondly, we have an issue that theme resources are not re-loaded on
re-load (see
).
With regards to testing have you done any research into possibility of
functional testing? I know we've discussed this in the past, but not sure
if any progress has been made here.
On Thu, 11 Apr 2019 at 05:56, 中村雄一 / NAKAMURA,YUUICHI <
yuichi.nakamura.fe(a)hitachi.com> wrote:
Hi,
We've updated the webauthn authenticator prototype based on webauthn4j :
https://github.com/webauthn4j/keycloak-webauthn-authenticator/tree/demo-c...
We've confirmed that this demo worked well under the following
environments:
* U2F with Resident Key Not supported Authenticator Scenario
OS : Windows 10
Browser : Google Chrome (ver 73), Mozilla FireFox (ver 66)
Authenticator : Yubico Security Key
Server(RP) : keycloak-5.0.0
* U2F with Resident Key supported Authenticator Scenario
OS : Windows 10
Browser : Microsoft Edge (ver 44)
Authenticator : Internal Fingerprint Authentication Device
Server(RP) : keycloak-5.0.0
* UAF with Resident Key supported Authenticator Scenario
OS : Windows 10
Browser : Microsoft Edge (ver 44)
Authenticator : Internal Fingerprint Authentication Device
Server(RP) : keycloak-5.0.0
We will continue to improve the prototype, so feedback is welcomed.
Regards,
Yuichi Nakamura
-----Original Message-----
From: keycloak-dev-bounces(a)lists.jboss.org <
keycloak-dev-bounces(a)lists.jboss.org> On Behalf Of 中村雄一 / NAKAMURA,YUUICHI
Sent: Tuesday, March 19, 2019 4:32 PM
To: stian(a)redhat.com
Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Subject: [!]Re: [keycloak-dev] Request for someone to contribute an
WebAuthn4j extension
Hi,
Sorry, we have implemented only for Edge now.
Please wait for other browsers.
> One comment is that it shouldn't create a new table, but rather just
serialize the value to the existing credential table in the same way as the
FIDO U2F example does [1].
Thank you, we will fix.
Regards,
Yuichi Nakamura
From: Stian Thorgersen <sthorger(a)redhat.com>
Sent: Monday, March 18, 2019 5:49 PM
To: 中村雄一 / NAKAMURA,YUUICHI <yuichi.nakamura.fe(a)hitachi.com>
Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org>; 乗松隆志 / NORIMATSU,TAKASHI
<takashi.norimatsu.ws(a)hitachi.com>; 茂木昂士 / MOGI,TAKASHI <
takashi.mogi.ep(a)hitachi.com>; Yoshikazu Nojima <mail(a)ynojima.net>
Subject: [!]Re: [keycloak-dev] Request for someone to contribute an
WebAuthn4j extension
Tried this out today and it didn't work for me. I was getting some JS
error both on Chrome and Firefox when trying to register authenticator.
One comment is that it shouldn't create a new table, but rather just
serialize the value to the existing credential table in the same way as the
FIDO U2F example does [1].
[1]
https://clicktime.symantec.com/3XYorxFfnwRutc8N4z3Ubc77Vc?u=https%3A%2F%2...
On Fri, 15 Mar 2019 at 08:13, 中村雄一 / NAKAMURA,YUUICHI <mailto:
yuichi.nakamura.fe(a)hitachi.com> wrote:
Hi,
We’ve uploaded the initial prototype of webauthn authenticator below:
https://clicktime.symantec.com/37NWG7BAMWtR42Swt5VUTw77Vc?u=https%3A%2F%2...
Feedback is welcomed.
From: Stian Thorgersen <mailto:sthorger@redhat.com>
Sent: Thursday, February 28, 2019 6:53 PM
To: 中村雄一 / NAKAMURA,YUUICHI <mailto:yuichi.nakamura.fe@hitachi.com>
Cc: keycloak-dev <mailto:keycloak-dev@lists.jboss.org>
Subject: [!]Re: [keycloak-dev] Request for someone to contribute an
WebAuthn4j extension
That's great, thanks.
Do you have an idea on roughly when you can have a prototype ready?
On Thu, 28 Feb 2019 at 00:32, 中村雄一 / NAKAMURA,YUUICHI <mailto:mailto:
yuichi.nakamura.fe(a)hitachi.com> wrote:
Hi,
My team has begun to help webauthn4j project, and is going to develop
prototype of authenticator for keycloak.
We'd like to take this.
Regards,
Yuichi Nakamura
Hitachi, Ltd.
-----Original Message-----
From: mailto:mailto:keycloak-dev-bounces@lists.jboss.org <mailto:mailto:
keycloak-dev-bounces(a)lists.jboss.org> On Behalf Of Stian Thorgersen
Sent: Thursday, February 28, 2019 12:26 AM
To: keycloak-dev <mailto:mailto:keycloak-dev@lists.jboss.org>
Subject: [!][keycloak-dev] Request for someone to contribute an WebAuthn4j
extension
A while back I created an experimental extension to Keycloak for FIDO U2F.
It would be great if someone could adapt this to WebAuthn by leveraging
webauthn4j library [1].
Any takers? It shouldn't be hard ;)
[1]
https://clicktime.symantec.com/3DJdi8ZVRTPPRjKw5d1qT287Vc?u=https%3A%2F%2...
_______________________________________________
keycloak-dev mailing list
mailto:mailto:keycloak-dev@lists.jboss.org
https://clicktime.symantec.com/35NVx3Bd41ZVjjssocqwjpK7Vc?u=https%3A%2F%2...
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://clicktime.symantec.com/3K7AmDtC5f54UYS4NNrH1wo7Vc?u=https%3A%2F%2...