Passkey validator

Other components that this module uses or need:

Web -> WebAuthnValidation To authenticate users using a Passkey you need to have a database connection. https://docs.fortifiedid.se/tokens/
Enrollment -> Check out the Enrollment documentation. To be able to authenticate you must have enrolled for a token.

Configuration

Authenticator type: Passkey

Common Authenticator configuration can be found here.

Name

Description

Default value

Mandatory

namespace

username_parameter

username

{
  "id": "passkey",
  "type": "Passkey",
  "config": {
    "namespace": "default",
    "base_path": "/saml/authn",
    "context_path": "/saml/authn/webauthn",
    "webroot_dir": "web/authenticator/webauthn",
    "username_parameter": "username"
  }
}

Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.

Logging

WEB_100022("Passkey validated")
- IDENTIFIER (user trace id)
- CUSTOMER_IDENTIFIER (if configured)
- SOURCE_ADDRESS (ip of the remote session)
WEB_100023("Passkey validation failed")
- IDENTIFIER (user trace id)
- CUSTOMER_IDENTIFIER (if configured)
- SOURCE_ADDRESS (ip of the remote session)

Global state

After successful authentiation, the authenticator populates the configured username property with the user identifier obtained during the Web Authentication process.

API

The following documentation contains links to the document Web Authentication: An API for accessing Public Key Credentials Level 2, W3C Recommendation, 8 April 2021.

Begin authentication

Initialize a new authentication with the following request to the authenticator API:

{
    "type": "options"
}

The server responds with a PublicKeyCredentialRequestOptions. Use the response to obtain a AuthenticatorAssertionResponse, according to the Web Authentication specification, and return the assertion to the authenticator API:

{
    "type": "verification",
    "data": {
        "assertion": <AuthenticatorAssertionResponse>
    }
}

The server responds with AUTHORIZED or UNAUTHORIZED:

{
    "status": "AUTHORIZED|UNAUTHORIZED"
}

Translation keys

{
  "webauthn.start_validate": "Login",
  "webauthn.verifying": "Verifying passkey",
  "webauthn.verified": "Passkey verified",
  "webauthn.redirecting": "Redirecting...",
  "webauthn.validation_error.authenticator_failure": "Passkey authentication failed",
  "webauthn.validation_error.verification_failure": "Passkey verification failed",
  "webauthn.validation_error.unknown_error": "Unknown error",
  "webauthn.reset_button": "Go back",
  "allow-cookies-body": "To save your language settings on this device you need to approve a language cookie.",
  "allow-cookies-button": "Approve language cookie",
  "change_language": "Change language"
}

{
  "webauthn.start_validate": "Logga in",
  "webauthn.verifying": "Säkerhetsnyckel verifieras...",
  "webauthn.verified": "Säkerhetsnyckel verifierad",
  "webauthn.redirecting": "Omdirigerar...",
  "webauthn.validation_error.authenticator_failure": "Autenticering med säkerhetsnyckel misslyckades",
  "webauthn.validation_error.verification_failure": "Verifiering av säkerhetsnyckel misslyckades",
  "webauthn.validation_error.unknown_error": "Okänt fel inträffade",
  "webauthn.reset_button": "Gå tillbaka",
  "allow-cookies-body": "Vill du spara dina språkinställningar på denna enhet behövs ett godkännande av  språk-cookie.",
  "allow-cookies-button": "Godkänn språk-cookie",
  "change_language": "Byt språk"
}

PreviousOTP validator NextExposed metrics