Differences
This shows you the differences between two versions of the page.
en:shibidp:plugin-fudiscr [2022/05/31 08:51] – [Further resources] jhoffman@fu-berlin.de | en:shibidp:plugin-fudiscr [2023/01/27 11:39] – [WebAuthn] hofmann@fu-berlin.de | ||
---|---|---|---|
Line 29: | Line 29: | ||
* mOTP Token | * mOTP Token | ||
* Paper Token (PPR) | * Paper Token (PPR) | ||
- | * Questionnaire Token _Limitation: If only one answer is requested per directive._ | + | * Questionnaire Token (Limitation: //If only one answer is requested per directive.//) |
* SMS Token | * SMS Token | ||
* TAN Token | * TAN Token | ||
* TOTP | * TOTP | ||
- | * WebAuthn (from version 1.1.1) | + | * WebAuthn (from version 1.2.0) |
Support of //Push Token// is currently in development. | Support of //Push Token// is currently in development. | ||
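Review bot: In the Questionnaire Token entry the limitation is still a sentence fragment ("If only one answer is requested per directive.") and does not say what the restriction is; if the intent is that the token works only in that case, wording such as "supported only if one answer is requested per directive" states it directly. The WebAuthn version change from 1.1.1 to 1.2.0 in this list is consistent with the Release Notes added further down, which list 1.0.0, 1.1.0 and 1.2.0 and no 1.1.1.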
Line 417: | Line 417: | ||
</ | </ | ||
- | Which means the result of the MFA authentication can not be reused. | + | This means the result of the MFA authentication can not be reused. |
<alert type=" | <alert type=" | ||
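Review bot: The reworded sentence keeps "can not"; since the line is being touched anyway, "cannot be reused" is the standard spelling. It would also help to name what cannot reuse the result, because "the result of the MFA authentication can not be reused" leaves the reader to infer the scope from the configuration block above it.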
Line 426: | Line 426: | ||
This document might be of help [[https:// | This document might be of help [[https:// | ||
- | ===== WebAuthn | + | ===== WebAuthn ===== |
- | Starting from version 1.1.1 WebAuthn token can be used. | + | Starting from version 1.2.0 WebAuthn token can be used. |
- | + | ||
- | Version 1.1.1 is considered ' | + | |
- | + | ||
- | If you want to update the plugin to this version, please run: | + | |
- | + | ||
- | < | + | |
- | %{idp.home}/ | + | |
- | </ | + | |
- | + | ||
- | A fresh installation of this version can be done by: | + | |
- | < | + | |
- | %{idp.home}/ | + | |
- | </ | + | |
+ | <alert type=" | ||
The fudiscr plugin offers some options which permit multiple selection of tokens. If multiple tokens are selected during login it is assumed that the parameters | The fudiscr plugin offers some options which permit multiple selection of tokens. If multiple tokens are selected during login it is assumed that the parameters | ||
//rpId// (relying party Id), // | //rpId// (relying party Id), // | ||
+ | |||
+ | If a user owns multiple active WebAuthn tokens and you set '' | ||
+ | you have to set '' | ||
+ | </ | ||
In general it applies that the domain of the Identity Provider has to either be identical to the //rpId// from WebAuthn or a subdomain of it. | In general it applies that the domain of the Identity Provider has to either be identical to the //rpId// from WebAuthn or a subdomain of it. | ||
There is no preliminary filtering done in order to check if the domain of the Identity Provider is compatible to the //rpId// of the WebAuthn token. | There is no preliminary filtering done in order to check if the domain of the Identity Provider is compatible to the //rpId// of the WebAuthn token. | ||
- | There are changes to previous | + | ===== Release Notes ==== |
- | In '' | + | * 1.0.0 |
+ | *plugin release | ||
+ | * 1.1.0 | ||
+ | * privacyIDEA | ||
+ | * in case of invalid/ | ||
+ | * in case of incorrect validation of a response (e.g. OTP) the message '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * 1.2.0 | ||
+ | * WebAuthn is supported | ||
+ | * '' | ||
+ | * Important bugfix: Due to missing '' | ||
===== Further resources ==== | ===== Further resources ==== |
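Review bot: The block removed under the WebAuthn heading carried the update and fresh-installation commands (the two "%{idp.home}/" lines), and nothing on the new side replaces them for 1.2.0. Because the 1.2.0 release notes end with an entry marked "Important bugfix", operators on earlier versions need the update command next to it; consider keeping both commands with the version adjusted and lifting the bugfix into an alert block like the one added above, rather than leaving it as the last bullet. Minor points in the same hunk: "*plugin release" lacks the space after the asterisk that the other entries have, "===== Release Notes ====" has five opening and four closing equals signs, and "WebAuthn token can be used" should read "WebAuthn tokens".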