search

sipatel2 / shibboleth-webauthn

Apache License 2.0
25 stars 7 forks source link

License for the code #1

Closed joeFischetti closed 4 years ago

joeFischetti commented 4 years ago

Hi, I checked a few of the class files and I couldn't find what license was applied to them. I wanted to expand on this (a working RegistrationStorage so I can actually test it) but I want to make sure I'm allowed to touch things.

sipatel2 commented 4 years ago

Hey,

I'll find out what license to apply and get the classes updated.

In the meantime, if you build the container as is, it will allow you to register authenticators and actually authenticate with them using the existing RegistrationStorage, but the data is kept in memory only so it'll only work until you restart the container.

I've added a RegistrationStorage that persists to a database in the misc folder.

joeFischetti commented 4 years ago

Thanks I've got it applied to a local instance rather than mucking with a docker container.

Is there any interest in making it more of a standalone module so it can easily be deployed to an existing instance? Obviously copying the files isn't a big deal, but conf/authn/WebAuthn.properties should be in /conf and /flows/authn/WebAuthn/WebAuthn-beans.xml should be in conf/authn/ just so they follow form. One of the classes has a static reference to '/opt/shibboleth-idp/conf/authn/WebAuthn.properties" so it can't 'just be moved'.

I envision a standalone module that gets the username from the profileRequestContext. That way this can be called as an additional factor on a standard password flow (or as the primary factor after the username was entered in a prior flow).

Also, fwiw, I've only gotten this to work in chrome and edge. Am I missing something firefox related? And do you use this in any limited browsers - i.e. something like the splash screen login for office365 desktop clients?

sipatel2 commented 4 years ago

Thanks for the feedback. FWIW, the way our flows work at Duke is very different and this repo was a quick first attempt to make it a little bit more generic so that others in the community could quickly have something to demo/test to help get the conversation moving. But yes, I'm planning on making some updates to this. But the end goal and hope is for the Shibboleth project to pick this up as a built-in flow with the changes that they also feel are needed to make that happen.

sipatel2 commented 4 years ago

And regarding browser support, there are still some gaps. But we've had success with firefox on android and windows machines.

sipatel2 commented 4 years ago

Added license