This documentation is for WSO2 Identity Server 5.1.0. View documentation for the latest release.

...

FIDO provides two user experiences to address a wide range of use cases and deployment scenarios. FIDO protocols are based on public key cryptography and are strongly resistant to phishing.


Figure 1: UAF and U2F.

...

Both the registration and authentication operations consist of three phases, depicted in the following figure.


Figure 2: Three phases of U2F protocol operations.

...

The following figure provides the complete authentication process flow when authenticating using FIDO U2F.


Figure 3: Authentication process flow for U2F.
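
The following sketch shows the relying-party checks on a U2F authentication response that make the flow resistant to phishing and replay. It is an added example, not code from WSO2 Identity Server or from the original page. The function names, the `idp.example.com` origin and the assumption that the AppID equals the single web origin are illustrative; the field layout follows the FIDO U2F raw message formats.

```python
import base64, hashlib, json, struct

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def check_u2f_assertion(app_id, challenge, stored_counter, client_data, signature_data):
    """Relying-party checks on a U2F authentication response.

    Returns (signed_message, der_signature, counter) or raises ValueError.
    The caller must still verify der_signature over signed_message with the
    ECDSA P-256 public key stored for this key handle at registration.
    """
    client_raw = b64u_decode(client_data)
    client = json.loads(client_raw)
    if client.get("typ") != "navigator.id.getAssertion":
        raise ValueError("not an authentication response")
    if client.get("challenge") != challenge:
        raise ValueError("challenge mismatch: replayed or stale response")
    # Assumption: AppID equals the single web origin of the deployment.
    if client.get("origin") != app_id:
        raise ValueError("origin mismatch: response was produced on another site")
    raw = b64u_decode(signature_data)
    if len(raw) < 6:
        raise ValueError("signatureData too short")
    presence, counter = struct.unpack(">BI", raw[:5])
    if not presence & 0x01:
        raise ValueError("user presence bit not set")
    if counter <= stored_counter:
        raise ValueError("counter did not increase: possible cloned token")
    # Bytes the token signed: SHA-256(AppID) | presence | counter | SHA-256(clientData)
    signed = hashlib.sha256(app_id.encode()).digest() + raw[:5] + hashlib.sha256(client_raw).digest()
    return signed, raw[5:], counter

def constructed_response(origin, challenge, counter):
    """Constructed sample data; the signature bytes are a placeholder."""
    client = json.dumps({"typ": "navigator.id.getAssertion",
                         "challenge": challenge, "origin": origin}).encode()
    return b64u_encode(client), b64u_encode(struct.pack(">BI", 1, counter) + b"\x30\x00")

if __name__ == "__main__":
    app_id, chal = "https://idp.example.com", b64u_encode(b"constructed-challenge")
    cd, sd = constructed_response(app_id, chal, 42)
    print(len(check_u2f_assertion(app_id, chal, 41, cd, sd)[0]))  # genuine origin
    bad_cd, bad_sd = constructed_response("https://idp.example.net", chal, 43)
    try:
        check_u2f_assertion(app_id, chal, 42, bad_cd, bad_sd)
    except ValueError as err:
        print("rejected:", err)
```

Because the browser writes the page's real origin into the client data and the token signs its hash, a response collected on a look-alike site fails the origin check even when the user touches the device.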

...

  1. Log in to the WSO2 Identity Server end user dashboard.
  2. Navigate to the My Profile section by clicking the associated View Details button.
  3. Click Manage U2F Authentication.
  4. You can add a new U2F device to your account and, if needed, remove it.

    Tip: You can have multiple devices associated with your account.


Configuring FIDO U2F as an authenticator

  1. Log in to the Management Console.
  2. Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.
  3. Fill in the Service Provider Name and provide a brief Description of the service provider. Only Service Provider Name is a required field.
  4. Click Register to add the new service provider.
  5. Access the service provider you just created and expand Local & Outbound Authentication Configuration.
  6. Select Advanced Configuration to configure multi-factor authentication.
  7. Click Add Authentication Step. Clicking this again will enable you to create another authentication step.
  8. Select whether this is a Subject Step, Attribute Step, or both. In the case of multiple steps, you can have only one step as the subject step and one as the attribute step.
  9. Click the plus button to add a Local Authenticator. You can choose the type of authenticator using the dropdown. Clicking the plus button again will enable you to add a second local authenticator. As an example of this scenario, basic and fido are used as the two authenticators. Basic authentication allows you to authenticate users from the enterprise user store while FIDO authenticates you externally.
  10. Click the Update button. This will return you to the previous screen with your newly configured authentication steps.