Fwd: Some tools for FIDO-enabling web-applications with U2F

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Fwd: Some tools for FIDO-enabling web-applications with U2F

Arshad Noor
Once again, our thanks to the BC - and the SpongyCastle - teams for
making this possible.


-------- Forwarded Message --------
Subject: Some tools for FIDO-enabling web-applications with U2F
Date: Thu, 25 Feb 2016 21:17:45 -0800
From: Arshad Noor <[hidden email]>
Organization: StrongAuth, Inc.
To: FIDO Dev (fido-dev) <[hidden email]>


Having built business applications in the past, I know first-hand, how
difficult it can be using new technology to solve problems when there
aren't enough examples and tools available in the ecosystem.

We've made some tools available on the internet, for people new to
FIDO U2F, in the hope that it will ease them into realizing that
FIDO-enabling web applications is not a big deal.

The tools are:

- An open-source FIDO Certified U2F server - you can set it up in a VM
   in less than an hour with the automated install:

- A tutorial to FIDO-enable a basic JSP-based, CRUD web-application and
   make it work with the above-mentioned U2F server:


- A FIDO U2F Token Simulator in software for desktop applications.
   This can be useful in automated testing without the need to have a
   human sitting in front of a PC providing "Test-of-User-Presence"
   proof, or if you don't have a U2F token (in many countries) and
   still want to FIDO-enable a web-app.  However you just can't test
   it through a browser; but it can be useful in environments that
   use tools like Selenium for automated web-app testing):

- A FIDO U2F Token Simulator in software for Android (for the same
   reasons mentioned above, and at the same URL).

- A FIDO-enabled web-application you can test immediately if you have
   a FIDO Certified U2F token:
   (https://fidodemo.strongauth.com/skcc - with password 1FA)
   (https://fidodemo.strongauth.com/pno - no password, with CAPTCHA)
   (https://fidodemo.strongauth.com/pnoc - no password, no CAPTCHA)
   (The last example can be useful for intranet web-apps where users
    might already be authenticated on the network through LDAP servers
    or equivalent)

- If you want to download the SKCC web-application and test it on your
   network without going across the internet, its available for download:

We hope people will find these useful; if not, let us know how they
can be improved (its all FOSS, so the only thing you have to to lose
is a little time). :-)


Arshad Noor
StrongAuth, Inc.