Issue 9111 #9324

Closed
wants to merge 5 commits into from
Expand Up @@ -91,23 +91,23 @@ It will return the result as below:
"mdsCertsFolder": "/etc/jans/conf/fido2/mds/cert",
"mdsTocsFolder": "/etc/jans/conf/fido2/mds/toc",
"checkU2fAttestations": false,
"userAutoEnrollment": false,
"debugUserAutoEnrollment": false,
"unfinishedRequestExpiration": 180,
"authenticationHistoryExpiration": 1296000,
"serverMetadataFolder": "/etc/jans/conf/fido2/server_metadata",
"requestedCredentialTypes": [
"enabledFidoAlgorithms": [
"RS256",
"ES256"
],
"requestedParties": [
"rp": [
{
"name": "https://jans-project.lxd",
"domains": [
"id": "https://jans-project.lxd",
"origins": [
"jans-project.lxd"
]
}
],
"skipDownloadMdsEnabled": false,
"disableMetadataService": false,
"skipValidateMdsInAttestationEnabled": false,
"assertionOptionsGenerateEndpointEnabled": true
}
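Review bot: in the renamed `rp` entry the `id` keeps a full URL (`"https://jans-project.lxd"`) while `origins` holds a bare host (`"jans-project.lxd"`); in WebAuthn terms an RP ID is a domain and an origin carries the scheme, so either the server really expects these shapes, in which case the field descriptions elsewhere in this PR should say so explicitly, or the two values are swapped in the sample. Since the origin list is what bounds which sites may complete registration and assertion, a sample with the wrong shape will be copied into real deployments; please confirm against the server's parsing before merging.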
42 changes: 21 additions & 21 deletions docs/admin/fido/config.md
Expand Up @@ -26,21 +26,21 @@ tags:

#### Fido2Configuration structure

| Field named | Example | Description |
|-----------------------------------------|----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert | Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert | MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc | MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices. |
| metadataUrlsProvider | https://mds3.fido.tools | String value to provide source of URLs with external metadata. |
| requestedCredentialTypes | ["RS256","ES256"] | |
| requestedParties | [{"name":"https://my-jans-server.jans.io","domains":["my-jans-server.jans.io"]}] | Requested party name. |
| userAutoEnrollment | false | Allow to enroll users on enrollment/authentication requests. (Useful while running tests) |
| unfinishedRequestExpiration | 180 | Expiration time in seconds for pending enrollment/authentication requests |
| authenticationHistoryExpiration | 1296000 | Expiration time in seconds for approved authentication requests. |
| skipDownloadMdsEnabled | false | Boolean value indicating whether the MDS download should be omitted |
| skipValidateMdsInAttestationEnabled | false | Boolean value indicating whether MDS validation should be omitted during attestation |
| assertionOptionsGenerateEndpointEnabled | false | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |
| Field named | Example | Description |
|-----------------------------------------|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert | Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert | MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc | MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices. |
| metadataUrlsProvider | https://mds3.fido.tools | String value to provide source of URLs with external metadata. |
| enabledFidoAlgorithms | ["RS256","ES256"] | |
| rp | [{"id":"https://my-jans-server.jans.io","origins":["my-jans-server.jans.io"]}] | Requested party id. |
| debugUserAutoEnrollment | false | Allow to enroll users on enrollment/authentication requests. (Useful while running tests) |
| unfinishedRequestExpiration | 180 | Expiration time in seconds for pending enrollment/authentication requests |
| authenticationHistoryExpiration | 1296000 | Expiration time in seconds for approved authentication requests. |
| disableMetadataService | false | Boolean value indicating whether the MDS download should be omitted |
| skipValidateMdsInAttestationEnabled | false | Boolean value indicating whether MDS validation should be omitted during attestation |
| assertionOptionsGenerateEndpointEnabled | false | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |

### Configuring the FIDO2 server:
#### 1. Read Configuration parameters:
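Review bot: the `enabledFidoAlgorithms` row (renamed from `requestedCredentialTypes`) still has an empty Description cell, and the `authenticatorCertsFolder` row carries the `fodler` typo through the rewrite; fill the description (for example `Signature algorithms the server accepts for credentials, e.g. ["RS256","ES256"]`) and fix `folder` while the row is being touched. The `disableMetadataService` description is also copied unchanged from `skipDownloadMdsEnabled` ("whether the MDS download should be omitted"); if the new flag turns off the whole metadata service rather than only the download, say so, because disabling MDS removes the attestation trust checks that depend on it and an operator needs to know exactly what is switched off.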
Expand Down Expand Up @@ -75,22 +75,22 @@ Response:
"mdsCertsFolder": "/etc/jans/conf/fido2/mds/cert",
"mdsTocsFolder": "/etc/jans/conf/fido2/mds/toc",
"checkU2fAttestations": false,
"userAutoEnrollment": false,
"debugUserAutoEnrollment": false,
"unfinishedRequestExpiration": 180,
"authenticationHistoryExpiration": 1296000,
"serverMetadataFolder": "/etc/jans/conf/fido2/server_metadata",
"metadataUrlsProvider": "",
"skipDownloadMdsEnabled": false,
"disableMetadataService": false,
"skipValidateMdsInAttestationEnabled": false,
"assertionOptionsGenerateEndpointEnabled":true,
"requestedCredentialTypes": [
"enabledFidoAlgorithms": [
"RS256",
"ES256"
],
"requestedParties": [
"rp": [
{
"name": "https://my.jans.server",
"domains": [
"id": "https://my.jans.server",
"origins": [
"my.jans.server"
]
}
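Review bot: this sample shows `"assertionOptionsGenerateEndpointEnabled":true` while the Fido2Configuration table earlier in the same file gives its example as `false`; pick one value for the document, and match the `": "` spacing used by every other key on the line. The hunk also ends inside the `rp` array, so check that the closing `]` and `}` survive in the full file after the rename.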
10 changes: 5 additions & 5 deletions docs/admin/fido/logs.md
Expand Up @@ -41,19 +41,19 @@ Response:
"mdsCertsFolder":"/etc/jans/conf/fido2/mds/cert",
"mdsTocsFolder":"/etc/jans/conf/fido2/mds/toc",
"serverMetadataFolder":"/etc/jans/conf/fido2/server_metadata",
"requestedCredentialTypes":[
"enabledFidoAlgorithms":[
"RS256",
"ES256"
],
"requestedParties":[
"rp":[
{
"name":"https://my-jans-server.jans.io",
"domains":[
"id":"https://my-jans-server.jans.io",
"origins":[
"my-jans-server.jans.io"
]
}
],
"userAutoEnrollment":false,
"debugUserAutoEnrollment":false,
"unfinishedRequestExpiration":180,
"authenticationHistoryExpiration":1296000
}
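Review bot: this logs.md response omits the `disableMetadataService`, `skipValidateMdsInAttestationEnabled` and `assertionOptionsGenerateEndpointEnabled` keys that the config.md response in this same PR includes, and lists the remaining keys in a different order; if both are meant to be the same configuration response, regenerate them from one server build so the samples agree, otherwise state which version this one was captured from.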
68 changes: 34 additions & 34 deletions docs/admin/reference/json/properties/fido2-properties.md
Expand Up @@ -8,36 +8,36 @@ tags:

# Fido2 Configuration Properties

| Property Name | Description | |
|-----|-----|-----|
| authenticationHistoryExpiration | Expiration time in seconds for approved authentication requests | [Details](#authenticationhistoryexpiration) |
| authenticatorCertsFolder | Authenticators certificates folder | [Details](#authenticatorcertsfolder) |
| baseEndpoint | The base URL for Fido2 endpoints | [Details](#baseendpoint) |
| checkU2fAttestations | Boolean value indicating if U2f attestation needs to be checked | [Details](#checku2fattestations) |
| cleanServiceBatchChunkSize | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage | [Details](#cleanservicebatchchunksize) |
| cleanServiceInterval | Time interval for the Clean Service in seconds | [Details](#cleanserviceinterval) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers | [Details](#disablejdklogger) |
| externalLoggerConfiguration | Path to external Fido2 logging configuration | [Details](#externalloggerconfiguration) |
| issuer | URL using the https scheme for Issuer identifier | [Details](#issuer) |
| loggingLayout | Logging layout used for Fido2 | [Details](#logginglayout) |
| loggingLevel | Logging level for Fido2 logger | [Details](#logginglevel) |
| mdsAccessToken | MDS access token | [Details](#mdsaccesstoken) |
| mdsCertsFolder | MDS TOC root certificates folder | [Details](#mdscertsfolder) |
| mdsTocsFolder | MDS TOC files folder | [Details](#mdstocsfolder) |
| metadataUrlsProvider | String value to provide source of URLs with external metadata | [Details](#metadataurlsprovider) |
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| requestedCredentialTypes | List of Requested Credential Types | [Details](#requestedcredentialtypes) |
| requestedParties | Authenticators metadata in json format | [Details](#requestedparties) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| userAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |
| Property Name | Description | |
|---------------------------------|-----------------------------------------------------------------------------------------------|---------------------------------------------|
| authenticationHistoryExpiration | Expiration time in seconds for approved authentication requests | [Details](#authenticationhistoryexpiration) |
| authenticatorCertsFolder | Authenticators certificates folder | [Details](#authenticatorcertsfolder) |
| baseEndpoint | The base URL for Fido2 endpoints | [Details](#baseendpoint) |
| checkU2fAttestations | Boolean value indicating if U2f attestation needs to be checked | [Details](#checku2fattestations) |
| cleanServiceBatchChunkSize | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage | [Details](#cleanservicebatchchunksize) |
| cleanServiceInterval | Time interval for the Clean Service in seconds | [Details](#cleanserviceinterval) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers | [Details](#disablejdklogger) |
| externalLoggerConfiguration | Path to external Fido2 logging configuration | [Details](#externalloggerconfiguration) |
| issuer | URL using the https scheme for Issuer identifier | [Details](#issuer) |
| loggingLayout | Logging layout used for Fido2 | [Details](#logginglayout) |
| loggingLevel | Logging level for Fido2 logger | [Details](#logginglevel) |
| mdsAccessToken | MDS access token | [Details](#mdsaccesstoken) |
| mdsCertsFolder | MDS TOC root certificates folder | [Details](#mdscertsfolder) |
| mdsTocsFolder | MDS TOC files folder | [Details](#mdstocsfolder) |
| metadataUrlsProvider | String value to provide source of URLs with external metadata | [Details](#metadataurlsprovider) |
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
| rp | Requested Parties Authenticators metadata in json format | [Details](#rp) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |


### authenticationHistoryExpiration
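Review bot: two Details links in the renamed rows are broken: `enabledFidoAlgorithms` links to `#enabledFidoAlgorithms` while every other anchor in this table is a lowercased heading slug (it should be `#enabledfidoalgorithms`), and `debugUserAutoEnrollment` still links to `#userautoenrollment` although its heading is renamed to `debugUserAutoEnrollment` later in this PR (so `#debuguserautoenrollment`). The renamed rows also break the table's alphabetical order (`enabledFidoAlgorithms` sits between `personCustomObjectClassList` and `rp`, `debugUserAutoEnrollment` is last), and the `rp` description "Requested Parties Authenticators metadata in json format" is the `serverMetadataFolder` text with two words prepended; describe `rp` as the list of relying party entries (`id`, `origins`) instead.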
Expand Down Expand Up @@ -220,7 +220,7 @@ tags:
- Default value: None


### requestedCredentialTypes
### enabledFidoAlgorithms

- Description: List of Requested Credential Types

Expand All @@ -229,9 +229,9 @@ tags:
- Default value: None


### requestedParties
### rp

- Description: Authenticators metadata in json format
- Description: Requested Parties Authenticators metadata in json format

- Required: No

Expand Down Expand Up @@ -282,7 +282,7 @@ tags:
- Default value: None


### userAutoEnrollment
### debugUserAutoEnrollment

- Description: Allow to enroll users on enrollment/authentication requests
