This project is a sample WebAuthn Relying Party (shortened herein to Relying Party, or RP) web application written in Java to work with StrongKey's FIDO2 Server, Community Edition and sample JavaScript WebAuthn client.
The goals of this project are to demonstrate how to call StrongKey's FIDO2 Server APIs and how to properly manage users' FIDO2 keys. It is meant to serve as a reference implementation of a project that leverages StrongKey's FIDO2 Server to enable FIDO2 authentication. If you are an application developer looking to FIDO2-enable an application, this code provides examples of the FIDO2 API calls.
The cybersecurity term "Relying Party" originates from a jurisprudential term intended to represent legal entities that have standing within a court of law, where disputes related to digital signatures and non-repudiation could be argued; a web application has no legal standing in court, but its owner does. For additional information on WebAuthn Relying Parties, visit the technical specification:
- Definition of WebAuthn Relying Party
- Complete WebAuthn specification
- A useful diagram of WebAuthn functional flow
For more information on the originating jargon and related terms, visit the Internet Engineering Task Force (IETF) Request for Comments (RFC):
- The definition of Relying Party is in the second paragraph of 1.1. Background
Follow the instructions below to install this sample.
- This Relying Party web application example must have a means of connecting with a StrongKey FIDO2 Server. You can install a FIDO2 Server either on the same machine as your RP web application or a different one.
- You must have a Java web application server. These instructions assume you are using Payara (GlassFish).
- The instructions assume the default ports for all the applications installed; Payara runs HTTPS on port 8181 by default, so make sure all firewall rules allow that port to be accessible.
- The sample commands below assume you are installing this RP web application on the same machine where StrongKey FIDO2 Server has been installed. If you are installing on a separate machine, you may have to adjust the commands accordingly.
- Switch to (or log in as) the strongkey user. The default password for the strongkey user is ShaZam123.
    su - strongkey
- Create the following directories to configure the WebAuthn servlet home folder.
    mkdir -p /usr/local/strongkey/webauthntutorial/etc
- Create a configuration file for the Relying Party web application to configure a FIDO2 Server.
    vi /usr/local/strongkey/webauthntutorial/etc/webauthntutorial.properties
- Add the following configuration to the file and replace <FQDN> with the FIDO2 Server FQDN.
    webauthntutorial.cfg.property.apiuri=https://<FQDN>:8181/api
- Download the Relying Party web application .war file webauthntutorial.war.
    wget https://github.com/StrongKey/relying-party-java/raw/master/webauthntutorial.war
- Add the .war file to Payara.
    asadmin deploy webauthntutorial.war
  NOTE: The default administrative username/password as set by the install script for the FIDO2 Server is admin/adminadmin.
- Test that the servlet is running by executing the following curl command. You should get the API Web Application Description Language (WADL) file back in response.
    curl -k https://localhost:8181/webauthntutorial/application.wadl
- To test this installation of the FIDO2 server, check out the sample StrongKey WebAuthn client.
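A small pre-deployment check, added here as an example and not part of the StrongKey project: it reads the apiuri from webauthntutorial.properties, rejects an unreplaced <FQDN> placeholder or a non-https URL, and parses the FIDO2 Server host and port so a misconfigured RP fails before `asadmin deploy` rather than at the first API call. The config path and the sample hostname fido.example.com are assumptions.

```shell
#!/bin/sh
# check_apiuri: validate the FIDO2 Server URI in the RP properties file.
# Added example, not StrongKey code. The default path below is an assumption
# taken from the install steps above.
CFG_DEFAULT=/usr/local/strongkey/webauthntutorial/etc/webauthntutorial.properties

# check_apiuri [FILE] -> prints "host port" and returns 0 on success,
# non-zero with a message on stderr otherwise.
check_apiuri() {
    cfg="${1:-$CFG_DEFAULT}"
    [ -r "$cfg" ] || { echo "config not readable: $cfg" >&2; return 2; }
    # Take the last assignment of the key; strip CR and surrounding whitespace.
    uri=$(sed -n 's/^[[:space:]]*webauthntutorial\.cfg\.property\.apiuri[[:space:]]*=[[:space:]]*//p' "$cfg" \
          | tail -n 1 | tr -d '\r')
    [ -n "$uri" ] || { echo "apiuri not set in $cfg" >&2; return 3; }
    case "$uri" in
        *'<FQDN>'*) echo "apiuri still contains the <FQDN> placeholder" >&2; return 4 ;;
        https://*) ;;
        *) echo "apiuri must use https:// (got: $uri)" >&2; return 5 ;;
    esac
    # Split host[:port] out of https://host[:port]/api; default to 443.
    hostport=${uri#https://}
    hostport=${hostport%%/*}
    host=${hostport%%:*}
    port=${hostport#*:}
    [ "$port" = "$hostport" ] && port=443
    case "$port" in
        ''|*[!0-9]*) echo "bad port in apiuri: $port" >&2; return 6 ;;
    esac
    echo "$host $port"
}

# Demo on a constructed sample file (the real one lives at $CFG_DEFAULT).
demo=$(mktemp)
printf 'webauthntutorial.cfg.property.apiuri=https://fido.example.com:8181/api\n' > "$demo"
check_apiuri "$demo" && echo "apiuri OK"
rm -f "$demo"
```

Note that the curl test above uses -k, which disables certificate verification; that is fine for a local self-signed setup, but the RP's own calls to the FIDO2 Server should verify the server certificate.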
To uninstall the RP sample web application, follow the uninstall instructions in the FIDO2 Server, Community Edition Installation Guide. Removing the StrongKey FIDO Server also removes the sample RP web application and sample WebAuthn client.
If you would like to contribute to the sample Relying Party web application project, please read CONTRIBUTING.md, then sign and return the Contributor License Agreement (CLA).
This project is currently licensed under the GNU Lesser General Public License v2.1.