[keycloak-dev] Request for someone to contribute an WebAuthn4j extension

中村雄一 / NAKAMURA,YUUICHI yuichi.nakamura.fe at hitachi.com
Wed Apr 10 23:55:54 EDT 2019


Hi, 

We've updated the webauthn authenticator prototype based on webauthn4j : 
https://github.com/webauthn4j/keycloak-webauthn-authenticator/tree/demo-completed

We've confirmed that this demo worked well under the following environments:
* U2F with Resident Key Not supported Authenticator Scenario
OS : Windows 10
Browser : Google Chrome (ver 73), Mozilla FireFox (ver 66)
Authenticator : Yubico Security Key
Server(RP) : keycloak-5.0.0

* U2F with Resident Key supported Authenticator Scenario
OS : Windows 10
Browser : Microsoft Edge (ver 44)
Authenticator : Internal Fingerprint Authentication Device
Server(RP) : keycloak-5.0.0

* UAF with Resident Key supported Authenticator Scenario
OS : Windows 10
Browser : Microsoft Edge (ver 44)
Authenticator : Internal Fingerprint Authentication Device
Server(RP) : keycloak-5.0.0

We will continue to improve the prototype, so feedback is welcomed.

Regards,
Yuichi Nakamura

-----Original Message-----
From: keycloak-dev-bounces at lists.jboss.org <keycloak-dev-bounces at lists.jboss.org> On Behalf Of 中村雄一 / NAKAMURA,YUUICHI
Sent: Tuesday, March 19, 2019 4:32 PM
To: stian at redhat.com
Cc: keycloak-dev <keycloak-dev at lists.jboss.org>
Subject: [!]Re: [keycloak-dev] Request for someone to contribute an WebAuthn4j extension

Hi,

Sorry, we have implemented only for Edge now.
Please wait for other browsers.

> One comment is that it shouldn't create a new table, but rather just serialize the value to the existing credential table in the same way as the FIDO U2F example does [1].
Thank you, we will fix.

Regards,
Yuichi Nakamura


From: Stian Thorgersen <sthorger at redhat.com>
Sent: Monday, March 18, 2019 5:49 PM
To: 中村雄一 / NAKAMURA,YUUICHI <yuichi.nakamura.fe at hitachi.com>
Cc: keycloak-dev <keycloak-dev at lists.jboss.org>; 乗松隆志 / NORIMATSU,TAKASHI <takashi.norimatsu.ws at hitachi.com>; 茂木昂士 / MOGI,TAKASHI <takashi.mogi.ep at hitachi.com>; Yoshikazu Nojima <mail at ynojima.net>
Subject: [!]Re: [keycloak-dev] Request for someone to contribute an WebAuthn4j extension

Tried this out today and it didn't work for me. I was getting some JS error both on Chrome and Firefox when trying to register authenticator. 

One comment is that it shouldn't create a new table, but rather just serialize the value to the existing credential table in the same way as the FIDO U2F example does [1]. 

[1] https://clicktime.symantec.com/3XYorxFfnwRutc8N4z3Ubc77Vc?u=https%3A%2F%2Fgithub.com%2Fstianst%2Fkeycloak-experimental%2Ftree%2Fmaster%2Ffido-u2f

On Fri, 15 Mar 2019 at 08:13, 中村雄一 / NAKAMURA,YUUICHI <mailto:yuichi.nakamura.fe at hitachi.com> wrote:
Hi, 

We’ve uploaded the initial prototype of webauthn authenticator below: https://clicktime.symantec.com/37NWG7BAMWtR42Swt5VUTw77Vc?u=https%3A%2F%2Fgithub.com%2Fwebauthn4j%2Fkeycloak-webauthn-authenticator

Feedback is welcomed.

From: Stian Thorgersen <mailto:sthorger at redhat.com>
Sent: Thursday, February 28, 2019 6:53 PM
To: 中村雄一 / NAKAMURA,YUUICHI <mailto:yuichi.nakamura.fe at hitachi.com>
Cc: keycloak-dev <mailto:keycloak-dev at lists.jboss.org>
Subject: [!]Re: [keycloak-dev] Request for someone to contribute an WebAuthn4j extension

That's great, thanks.

Do you have an idea on roughly when you can have a prototype ready?

On Thu, 28 Feb 2019 at 00:32, 中村雄一 / NAKAMURA,YUUICHI <mailto:mailto:yuichi.nakamura.fe at hitachi.com> wrote:
Hi,

My team has begun to help webauthn4j project, and is going to develop prototype of authenticator for keycloak.
We'd like to take this.

Regards,
Yuichi Nakamura
Hitachi, Ltd.

-----Original Message-----
From: mailto:mailto:keycloak-dev-bounces at lists.jboss.org <mailto:mailto:keycloak-dev-bounces at lists.jboss.org> On Behalf Of Stian Thorgersen
Sent: Thursday, February 28, 2019 12:26 AM
To: keycloak-dev <mailto:mailto:keycloak-dev at lists.jboss.org>
Subject: [!][keycloak-dev] Request for someone to contribute an WebAuthn4j extension

A while back I created an experimental extension to Keycloak for FIDO U2F.
It would be great if someone could adapt this to WebAuthn by leveraging webauthn4j library [1].

Any takers? It shouldn't be hard ;)

[1] https://clicktime.symantec.com/3DJdi8ZVRTPPRjKw5d1qT287Vc?u=https%3A%2F%2Fgithub.com%2Fwebauthn4j%2Fwebauthn4j
_______________________________________________
keycloak-dev mailing list
mailto:mailto:keycloak-dev at lists.jboss.org
https://clicktime.symantec.com/35NVx3Bd41ZVjjssocqwjpK7Vc?u=https%3A%2F%2Flists.jboss.org%2Fmailman%2Flistinfo%2Fkeycloak-dev

_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://clicktime.symantec.com/3K7AmDtC5f54UYS4NNrH1wo7Vc?u=https%3A%2F%2Flists.jboss.org%2Fmailman%2Flistinfo%2Fkeycloak-dev



More information about the keycloak-dev mailing list