0

Would like to implement FIDO authentication for our web application using 'windows hello' as authenticator & 'WebAuthn' protocol. Please let me know the steps involved.

  • Which windows OS version & its build version supports windows hello ?

  • How to set up FIDO server?

  • How to integrate our web application with FIDO server?

  • Is FIDO can be used to authenticate back end web api end point access?

191180rk
  • 735
  • 2
  • 12
  • 37

1 Answers1

0

  1. FIDO2 functionality was initially released in Windows 10 version 1803

  2. Set up a FIDO Server - You'll need to make a couple design decisions first.

    2.1. Pay an IAM solution provider that already offers WebAuthn / FIDO2.

    2.2. Build WebAuthn / FIDO2 functionality into your existing authentication system.

    2.2.1 Integrate with an authentication service. The authentication service hosts the infrastructure, your app just calls their API.

    2.2.2 Spin up standalone WebAuthn / FIDO2 servers on your own infrastructure and integrate it with your existing authentication system.

    2.2.3 Integrate WebAuthn / FIDO2 libraries into your existing authentication system (uses existing infrastructure).

  3. How you integrate depends on your design decisions outlined above. If you want to learn about integrating a library into your existing authentication system then I would recommend Yubico's Passwordless Workshop.

  4. WebAuthn / FIDO2 supports various uses cases. Learn more at the FIDO Alliance.
Luke Walker
  • 333
  • 1
  • 4
  • Above mentioned steps seems to be complex & involved some licenses procurement so before making changes to actual application, to understand low level complexities involved in incorporating FIDO by doing POC means from where to start? Please guide/suggest open source server to do FIDO authentication, open source for 'Authenticator' & how to integrate between FIDO server & POC appilcation for authentication? – 191180rk Aug 05 '19 at 10:48
  • Please reply for above questions. – 191180rk Aug 06 '19 at 17:56
  • There are a couple catalogs where you can find products and services that support FIDO authentication: * [FIDO Alliance Certified Showcase](https://fidoalliance.org/fido-certified-showcase/) * [Works With YubiKey Catalog](https://www.yubico.com/works-with-yubikey/catalog/) – Luke Walker Aug 08 '19 at 16:58
  • Since you mention Windows Hello, I would suggest you look at Azure Active Directory. [AAD Works With YubiKey Resources](https://www.yubico.com/works-with-yubikey/catalog/azure-active-directory/) [AAD Resources](https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys) – Luke Walker Aug 08 '19 at 17:03
  • herrjemand maintains a [list of open source WebAuthn resources](https://github.com/herrjemand/awesome-webauthn) as well. – Luke Walker Aug 08 '19 at 17:06