OpenIdentityPlatform / OpenAM

OpenAM is an open access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.
https://www.openidentityplatform.org/openam

Support FIDO2 U2F, webauthn, challenge-response hardware MFA or passwordless #229

Closed iam-TJ closed 4 years ago

iam-TJ commented 4 years ago

**Is your feature request related to a problem?**

Needing to use hardware tokens with industry standards and protocols for U2F/MFA and passwordless identity verification.

**Describe the solution you'd like**

Support FIDO2 U2F and webauthn.

**Describe alternatives you've considered**

None available.

**Additional context**

webauthn is a W3C recommendation, and FIDO2 U2F is getting wide industry support. They are supported by most OSes, devices and/or user agents, and many applications are integrating their functionality.

In particular, support for (offline/non-Internet) HMAC-SHA1 challenge-response.

https://www.yubico.com/products/services-software/personalization-tools/challenge-response/

Some of this support is likely required in sub-projects. I'm currently evaluating FL/OSS options for IDM utilising hardware tokens for cross-platform/framework/application SSO.

maximthomas commented 4 years ago

@iam-TJ, hello. Take a look at the https://github.com/OpenIdentityPlatform/OpenAM/wiki/How-to-Setup-WebAuthn-Authentication-in-OpenAM article; I think it will help. WebAuthn works in OpenAM XUI and the old UI as well.