Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
en:shibidp:plugin-fudiscr [2022/06/20 09:58] – [Supported token methods from privacyIDEA] hofmann@fu-berlin.deen:shibidp:plugin-fudiscr [2023/09/14 19:57] (current) – [Release Notes] hofmann@fu-berlin.de
Line 426: Line 426:
 This document might be of help [[https://identity.fu-berlin.de/downloads/shibboleth/idp/plugins/authn/fudiscr/doc/ChallengeResponseFlow.pdf|ChallengeResponseFlow.pdf]]. This document might be of help [[https://identity.fu-berlin.de/downloads/shibboleth/idp/plugins/authn/fudiscr/doc/ChallengeResponseFlow.pdf|ChallengeResponseFlow.pdf]].
  
-===== WebAuthn (experimental) ===== +===== WebAuthn ===== 
-Starting from version 1.1.WebAuthn token can be used. +Starting from version 1.2.WebAuthn token can be used.
- +
-Version 1.1.1 is considered 'experimental' for now and is not installed during regular updates. +
- +
-If you want to update the plugin to this version, please run: +
- +
-<code> +
-%{idp.home}/bin/plugin.sh -u de.zedat.fudis.shibboleth.idp.plugin.authn.fudiscr -fu 1.1.1 +
-</code> +
- +
-A fresh installation of this version can be done by: +
-<code> +
-%{idp.home}/bin/plugin.sh -i https://identity.fu-berlin.de/downloads/shibboleth/idp/plugins/authn/fudiscr/1.1.1/fudis-shibboleth-idp-plugin-authn-fudiscr-1.1.1.tar.gz +
-</code>+
  
 <alert type="warning"> <alert type="warning">
Line 446: Line 433:
 //rpId// (relying party Id), //challenge//, //userVerification// and //timeout// are identical. //rpId// (relying party Id), //challenge//, //userVerification// and //timeout// are identical.
  
-If a user owns multiple active WebAuthn tokens and you set ''fudiscr.user_token_selection=multipleToken'' or ''fudiscr.user_token_selection=multipleTokenTypeGroup'' in ''%{idp.home}/conf/authn/fudiscr.properties'',+If a user owns multiple active WebAuthn tokens and you set ''fudiscr.user_token_selection=none'', ''fudiscr.user_token_selection=multipleToken'' or ''fudiscr.user_token_selection=multipleTokenTypeGroup'' in ''%{idp.home}/conf/authn/fudiscr.properties'',
 you have to set ''fudiscr.privacyidea.single_trigger_challenges=false'' as well. you have to set ''fudiscr.privacyidea.single_trigger_challenges=false'' as well.
 </alert> </alert>
Line 452: Line 439:
 In general it applies that the domain of the Identity Provider has to either be identical to the //rpId// from WebAuthn or a subdomain of it. In general it applies that the domain of the Identity Provider has to either be identical to the //rpId// from WebAuthn or a subdomain of it.
 There is no preliminary filtering done in order to check if the domain of the Identity Provider is compatible to the //rpId// of the WebAuthn token. There is no preliminary filtering done in order to check if the domain of the Identity Provider is compatible to the //rpId// of the WebAuthn token.
- 
-There are changes to the previous version in the velocity templates ''main.vm'' and ''insert-response.vm'' in ''%{idp.home}/views/fudiscr/''. 
-In ''main.vm'' the form only got the additional attribute ''id="fudiscr-form"''. In ''insert-response.vm'' there are extensive changes. 
  
  
  • Last modified: 23 months ago