FIDO provides two user experiences to address a wide range of use cases and deployment scenarios. FIDO protocols are based on public key cryptography and are strongly resistant to phishing.
Figure 1: UAF and U2F.
Both the registration and authentication operations consist of three phases, depicted in the following figure.
Figure 2: Three phases of U2F protocol operations.
The following figure provides the complete authentication process flow when authenticating using FIDO U2F.
Figure 3: Authentication process flow for U2F
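The phishing resistance mentioned above comes from what the server checks in the signed authentication response. The following is an added example, not WSO2 Identity Server code, that sketches those relying-party checks using the U2F raw message layout. The function names, the `idp.example.*` origins, the sample challenge, and the simplification that the AppID equals the web origin are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Relying-party check of a U2F authentication response (hypothetical helper).
// stored = { publicKey, counter } kept from registration; expected = { appId, challenge }.
function verifyU2fAuthentication(stored, expected, clientDataJson, signatureData) {
  const clientData = JSON.parse(clientDataJson);
  if (clientData.typ !== 'navigator.id.getAssertion') return 'wrong-type';
  // The browser, not the page, fills in the origin, so a look-alike site cannot forge it.
  if (clientData.origin !== expected.appId) return 'origin-mismatch';
  if (clientData.challenge !== expected.challenge) return 'challenge-mismatch';
  // signatureData = user presence (1 byte) || counter (4 bytes, big-endian) || ECDSA signature (DER)
  const presence = signatureData.subarray(0, 1);
  const counterBytes = signatureData.subarray(1, 5);
  const signature = signatureData.subarray(5);
  if ((presence[0] & 0x01) === 0) return 'user-not-present';
  // Signed bytes: SHA-256(appId) || presence || counter || SHA-256(clientData)
  const signed = Buffer.concat([sha256(expected.appId), presence, counterBytes, sha256(clientDataJson)]);
  if (!crypto.verify('sha256', signed, stored.publicKey, signature)) return 'bad-signature';
  // A counter that does not increase suggests a replayed response or a cloned token.
  const counter = counterBytes.readUInt32BE(0);
  if (counter <= stored.counter) return 'counter-replay';
  stored.counter = counter;
  return 'ok';
}

// Constructed stand-in for the token and browser, used only to produce sample input.
function simulateToken(privateKey, appId, origin, challenge, counter) {
  const clientDataJson = JSON.stringify({ typ: 'navigator.id.getAssertion', challenge, origin });
  const head = Buffer.alloc(5);
  head[0] = 0x01; // user presence flag set
  head.writeUInt32BE(counter, 1);
  const signed = Buffer.concat([sha256(appId), head, sha256(clientDataJson)]);
  return { clientDataJson, signatureData: Buffer.concat([head, crypto.sign('sha256', signed, privateKey)]) };
}

// Constructed run: a genuine login, then a response produced on a look-alike origin.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const stored = { publicKey, counter: 0 };
  const expected = { appId: 'https://idp.example.com', challenge: 'constructed-challenge-1' };
  const good = simulateToken(privateKey, expected.appId, expected.appId, expected.challenge, 1);
  const phish = simulateToken(privateKey, expected.appId, 'https://idp.example.net', expected.challenge, 2);
  return [good, phish].map((r) => verifyU2fAuthentication(stored, expected, r.clientDataJson, r.signatureData));
}
```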
- Log in to the WSO2 Identity Server end user dashboard.
- Navigate to the My Profile section by clicking the associated View Details button.
- Click Manage U2F Authentication.
You can add a new U2F device to your account and, if needed, remove it.
Tip: You can have multiple devices associated with your account.
Configuring FIDO U2F as an authenticator
- Log in to the Management Console.
- Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.
- Fill in the Service Provider Name and provide a brief Description of the service provider. Only Service Provider Name is a required field.
- Click Register to add the new service provider.
- Access the service provider you just created and expand Local & Outbound Authentication Configuration.
- Select Advanced Configuration to configure multi-factor authentication.
- Click Add Authentication Step. Clicking this again will enable you to create another authentication step.
- Select whether this is a Subject Step, Attribute Step or both. In the case of multiple steps, you can have only one step as the subject step and one as the attribute step.
- Click the plus button to add a Local Authenticator. You can choose the type of authenticator using the dropdown. Clicking the plus button again will enable you to add a second local authenticator. As an example of this scenario, basic and fido are used as the two authenticators. Basic authentication allows you to authenticate users from the enterprise user store while FIDO authenticates you externally.
- Click the Update button. This will return you to the previous screen with your newly configured authentication steps.