/agama-securitykey

Agama Project to authenticate people using USB FIDO2 security keys

Primary language: Java. License: Apache License 2.0 (Apache-2.0)

Agama Security Key Project

Use this project to authenticate using security devices (Yubico Key, Windows Hello, Touch ID on Mac, etc.)

How it works at a glance

When the main flow of this project (io.jans.agama.securitykey.main) is launched, the user's browser is redirected to a view where the user first enters a username and then validates one of the security keys configured for that account (Yubico Key, Windows Hello, Touch ID on Mac, etc.). Finally, the user's browser is redirected to the registered URI.

Note: Security devices must already be registered for the user. Use Jans Casa to register them.

Project Deployment

To deploy this project, the following requirements must be met.

Requirements

  1. Running instance of Jans Auth Server, Jans Fido2 and Jans Casa

Add Java dependencies

  1. Download the latest agama-securitykey-custom.jar from Releases
  2. scp the jar file to /opt/jans/jetty/jans-auth/custom/libs/ on Auth Server
  3. On Auth Server, edit /opt/jans/jetty/jans-auth/webapps/jans-auth.xml and add the jar file to the <Set name="extraClasspath">...</Set> element. For example:
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
   <Set name="contextPath">/jans-auth</Set>
   <Set name="war">
       <Property name="jetty.webapps" default="." />/jans-auth.war
   </Set>
   <Set name="extractWAR">true</Set>
   <Set name="extraClasspath">
      ...
      /opt/jans/jetty/jans-auth/custom/libs/agama-securitykey-custom.jar,
      ...
   </Set>
 </Configure>
  4. Restart Auth Server to load the new jar:
systemctl restart jans-auth
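
A pre-restart check for the steps above, as an added example that is not part of this project: it confirms the jar exists, is not writable by group or others, and is listed inside the extraClasspath element of jans-auth.xml. The function name check_securitykey_jar and its return codes are assumptions; the default paths are the ones given in the steps.

```shell
#!/bin/sh
# Added example (not project code). Defaults are the paths from the steps above.
JAR_DEFAULT=/opt/jans/jetty/jans-auth/custom/libs/agama-securitykey-custom.jar
XML_DEFAULT=/opt/jans/jetty/jans-auth/webapps/jans-auth.xml

# check_securitykey_jar [JAR] [XML]   (hypothetical helper name)
# Returns 0 when the registration looks sane, otherwise:
#   1 jar missing or empty      2 jar writable by group or others
#   3 jans-auth.xml unreadable  4 jar not listed inside extraClasspath
check_securitykey_jar() {
    ck_jar=${1:-$JAR_DEFAULT}
    ck_xml=${2:-$XML_DEFAULT}

    if [ ! -s "$ck_jar" ]; then
        echo "FAIL: $ck_jar is missing or empty" >&2; return 1
    fi

    # Code on the Auth Server classpath runs inside the server process,
    # so only the file owner should be able to replace the jar.
    ck_perms=$(ls -ldL "$ck_jar" | cut -c1-10)
    case $ck_perms in
        ?????w????|????????w?)
            echo "FAIL: $ck_jar is group/world writable ($ck_perms)" >&2
            return 2 ;;
    esac

    if [ ! -r "$ck_xml" ]; then
        echo "FAIL: cannot read $ck_xml" >&2; return 3
    fi

    # The path must sit between <Set name="extraClasspath"> and </Set>;
    # a misspelled attribute (e.g. extractClasspath) is never matched.
    if ! awk -v jar="$ck_jar" '
            /<Set name="extraClasspath">/ { inside = 1 }
            inside && index($0, jar)       { found = 1 }
            inside && /<\/Set>/            { inside = 0 }
            END { exit(found ? 0 : 1) }
        ' "$ck_xml"; then
        echo "FAIL: $ck_jar not listed in extraClasspath of $ck_xml" >&2
        return 4
    fi

    echo "OK: $ck_jar is registered in $ck_xml"
}

# Usage on the Auth Server, before the restart step:
#   check_securitykey_jar && systemctl restart jans-auth
```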

Deployment

Download the latest agama-securitykey.gama file and deploy it in Auth Server.

Follow these steps:

  • Copy (SCP/SFTP) the gama file of this project to a location in your Jans Server
  • Connect (SSH) to your Jans Server and open TUI: python3 /opt/jans/jans-cli/jans_cli_tui.py
  • Navigate to the Agama tab and then select "Upload project". Choose the gama file
  • Wait for about one minute and then select the row in the table corresponding to this project
  • Press d and ensure there were no deployment errors
  • Press ESC to close the dialog

Testing

You'll need an OpenID Connect test RP. You can try oidcdebugger, jans-tarp or jans-tent. Check out this video to see an example of agama-securitykey in action:

Contributors

Milton Ch.

License

This project is licensed under the Apache License 2.0.