Passkey validator
Other components that this module uses or need:
Web -> WebAuthnValidation To authenticate users using a Passkey you need to have a database connection. https://docs.fortifiedid.se/tokens/
Enrollment -> Check out the Enrollment documentation. To be able to authenticate you must have enrolled for a token.
Configuration
Common Authenticator configuration can be found here.
username_parameter
Name of the property to where the username is exported
username
namespace
Namespace used to communicate with other modules
default
webroot_dir
See common authenticator configuration
web/authenticator/webauthn
{
"id": "passkey",
"type": "Passkey",
"config": {
"base_path": "/saml/authn",
"context_path": "/saml/authn/webauthn"
}
}Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.
Logging
WEB_100022("Passkey validated")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
WEB_100023("Passkey validation failed")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
Global state
After successful authentiation, the authenticator populates the configured username property with the user identifier obtained during the Web Authentication process.
API
The following documentation contains links to the document Web Authentication: An API for accessing Public Key Credentials Level 2, W3C Recommendation, 8 April 2021.
Begin authentication
Initialize a new authentication with the following request to the authenticator API:
The server responds with a PublicKeyCredentialRequestOptions. Use the response to obtain a AuthenticatorAssertionResponse, according to the Web Authentication specification, and return the assertion to the authenticator API:
The server responds with AUTHORIZED or UNAUTHORIZED: