Differences

This shows you the differences between two versions of the page.

en:shibidp:plugin-fudiscr [2022/06/20 09:58] – [Supported token methods from privacyIDEA] hofmann@fu-berlin.deen:shibidp:plugin-fudiscr [2023/01/27 11:39] – [WebAuthn] hofmann@fu-berlin.de
Line 426: Line 426:
 This document might be of help [[https://identity.fu-berlin.de/downloads/shibboleth/idp/plugins/authn/fudiscr/doc/ChallengeResponseFlow.pdf|ChallengeResponseFlow.pdf]]. This document might be of help [[https://identity.fu-berlin.de/downloads/shibboleth/idp/plugins/authn/fudiscr/doc/ChallengeResponseFlow.pdf|ChallengeResponseFlow.pdf]].
  
-===== WebAuthn (experimental) ===== +===== WebAuthn ===== 
-Starting from version 1.1.WebAuthn token can be used. +Starting from version 1.2.WebAuthn token can be used.
- +
-Version 1.1.1 is considered 'experimental' for now and is not installed during regular updates. +
- +
-If you want to update the plugin to this version, please run: +
- +
-<code> +
-%{idp.home}/bin/plugin.sh -u de.zedat.fudis.shibboleth.idp.plugin.authn.fudiscr -fu 1.1.1 +
-</code> +
- +
-A fresh installation of this version can be done by: +
-<code> +
-%{idp.home}/bin/plugin.sh -i https://identity.fu-berlin.de/downloads/shibboleth/idp/plugins/authn/fudiscr/1.1.1/fudis-shibboleth-idp-plugin-authn-fudiscr-1.1.1.tar.gz +
-</code>+
  
 <alert type="warning"> <alert type="warning">
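Review bot: The new opening sentence of the WebAuthn section still reads "Starting from version 1.2.WebAuthn token can be used.", with the version number running straight into the next word. The release notes added further down name the version as 1.2.0, so this should read "Starting from version 1.2.0, WebAuthn tokens can be used." Separately, both ''plugin.sh'' command blocks for 1.1.1 are removed without a replacement. If 1.2.0 is now picked up by regular updates, say so in one sentence. Otherwise an operator still on 1.1.x has no pointer from this section on how to reach the WebAuthn-capable version.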
Line 446: Line 433:
 //rpId// (relying party Id), //challenge//, //userVerification// and //timeout// are identical. //rpId// (relying party Id), //challenge//, //userVerification// and //timeout// are identical.
  
-If a user owns multiple active WebAuthn tokens and you set ''fudiscr.user_token_selection=multipleToken'' or ''fudiscr.user_token_selection=multipleTokenTypeGroup'' in ''%{idp.home}/conf/authn/fudiscr.properties'',+If a user owns multiple active WebAuthn tokens and you set ''fudiscr.user_token_selection=none'', ''fudiscr.user_token_selection=multipleToken'' or ''fudiscr.user_token_selection=multipleTokenTypeGroup'' in ''%{idp.home}/conf/authn/fudiscr.properties'',
 you have to set ''fudiscr.privacyidea.single_trigger_challenges=false'' as well. you have to set ''fudiscr.privacyidea.single_trigger_challenges=false'' as well.
 </alert> </alert>
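Review bot: The warning now lists ''fudiscr.user_token_selection=none'' alongside ''multipleToken'' and ''multipleTokenTypeGroup'', but it still does not say what an operator will observe if ''fudiscr.privacyidea.single_trigger_challenges'' is not set to ''false''. With three values now triggering the requirement, add one sentence describing the failure mode, and name any ''fudiscr.user_token_selection'' values that remain unaffected, so that an admin can tell whether an existing deployment needs the change.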
Line 453: Line 440:
 There is no preliminary filtering done in order to check if the domain of the Identity Provider is compatible to the //rpId// of the WebAuthn token. There is no preliminary filtering done in order to check if the domain of the Identity Provider is compatible to the //rpId// of the WebAuthn token.
  
-There are changes to the previous version in the velocity templates ''main.vm'' and ''insert-response.vm'' in ''%{idp.home}/views/fudiscr/''+===== Release Notes ==== 
-In ''main.vm'' the form only got the additional attribute ''id="fudiscr-form"''. In ''insert-response.vm'' there are extensive changes. +   * 1.0.0 
 +      *plugin release 
 +   * 1.1.0 
 +      * privacyIDEA version 3.7 is also supported 
 +      * in case of invalid/empty input the message ''FudiscrNoResponse'' is written to the ''AuthenticationErrorContext'' 
 +      * in case of incorrect validation of a response (e.g. OTP) the message ''FudiscrInvalidResponse'' is written to the ''AuthenticationErrorContext'' 
 +      * ''login-error.vm'' is included by ''insert-response.vm'' 
 +      * ''fudiscr.UserHasAnyTokenPredicate'': Predicate tests if a user owns any token, no matter in which state
 +   * 1.2.0 
 +      * WebAuthn is supported 
 +      * ''main.vm'' and ''insert-response.vm'' were changed 
 +      * Important bugfix: Due to missing ''@NameParameter'' annotation in ''ChallengeResponseTokenIdPrincipal'' a serializer could not be assigned. This had an effect on all principal serializers. Randomly different serializers were used.
  
 ===== Further resources ==== ===== Further resources ====
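Review bot: The removed paragraph told operators exactly what changed in the templates (''main.vm'' only gained ''id="fudiscr-form"'', ''insert-response.vm'' changed extensively), but the 1.2.0 release note reduces this to "''main.vm'' and ''insert-response.vm'' were changed". Anyone maintaining customized views in ''%{idp.home}/views/fudiscr/'' needs that detail to merge safely, so keep it in the 1.2.0 entry. The "Important bugfix" entry should also name the affected versions, and say whether operators need to act after upgrading, since it states that all principal serializers were affected. Two markup points: the heading ''===== Release Notes ===='' has five opening and four closing equals signs, and ''*plugin release'' is missing the space after the asterisk that the other list items have.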
  • Last modified: 8 months ago