...
The plugin supports two sources of authenticator metadata. The first is the official FIDO metadata obtained from the FIDO Alliance Metadata Service. The second provides basic authenticator metadata from a locally configured JSON file; it captures limited information about authenticators that are not in the FIDO metadata feed, enough to enhance the registration interface.
FIDO Metadata Service
The official FIDO Alliance Metadata Service is a central repository of metadata statements about authenticator models. When enabled, this provides the following additional features:
...
Supplementary Passkey Provider Metadata
Without an additional source of metadata, authenticators/providers that are not part of the FIDO Metadata Service will remain ‘unknown’ to the registration/admin user interfaces. Typically, these are software authenticators that self-attest: they cannot provide a "trusted" attestation that can be verified against a trust anchor in the FIDO Metadata Service.
However, if you want the end-user to see a name and icon in the registration interface for the ‘software’ authenticators they register, e.g. ‘Bitwarden’ or ‘Windows Hello’, you will need to enable the supplementary passkey provider metadata support. To do this, first download a suitable AAGUID JSON file based on the attached JSON schema. Next, enable support in the plugin by setting the property idp.authn.webauthn.metadata.aaguid.enabled to true, and point to the AAGUID JSON file using the property idp.authn.webauthn.metadata.aaguid.passkeyAaguidFile.
This is taken from the passkey-authenticator-aaguid GitHub repository.
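A pre-deployment check for the downloaded AAGUID file, as an added example (not code from the plugin or the Shibboleth project). It assumes the file is a JSON object keyed by AAGUID whose entries carry a name and optional icon_light/icon_dark data URIs; that layout, the 64-character name limit and the function name are assumptions, so check them against the attached schema.

```python
import json
import re

# Assumed layout (verify against the schema attached to the page):
# {"<aaguid>": {"name": "...", "icon_light": "data:...", "icon_dark": "data:..."}}
AAGUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
ICON_RE = re.compile(r"data:image/(svg\+xml|png);base64,[A-Za-z0-9+/]+={0,2}")
ICON_KEYS = ("icon_light", "icon_dark")
MAX_NAME_LEN = 64  # hypothetical limit for a label shown in the UI


def validate_aaguid_file(text):
    """Return a list of problems; an empty list means the file passed."""
    try:
        data = json.loads(text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(data, dict):
        return ["top level must be an object keyed by AAGUID"]
    problems = []
    for key, entry in data.items():
        if not AAGUID_RE.fullmatch(key):
            problems.append(f"{key!r}: key is not an AAGUID")
            continue
        if not isinstance(entry, dict):
            problems.append(f"{key}: entry must be an object")
            continue
        name = entry.get("name")
        if not (isinstance(name, str) and name.strip()
                and len(name) <= MAX_NAME_LEN and name.isprintable()):
            problems.append(f"{key}: missing or unsuitable name")
        for icon_key in ICON_KEYS:
            icon = entry.get(icon_key)
            # Icons are optional, but must be inline images, never remote URLs.
            if icon is not None and not (
                    isinstance(icon, str) and ICON_RE.fullmatch(icon)):
                problems.append(f"{key}: {icon_key} is not an inline image")
    return problems


# Constructed sample input, not real authenticator data.
SAMPLE = json.dumps({
    "00000000-0000-4000-8000-000000000001": {
        "name": "Example Provider", "icon_light": "data:image/png;base64,AAAA"},
    "00000000-0000-4000-8000-000000000002": {
        "name": "Remote Icon", "icon_dark": "https://icons.example/x.svg"},
    "NOT-AN-AAGUID": {"name": "Bad Key"},
})
```

Because these authenticators self-attest, the AAGUID they report is not backed by a verified attestation, so the name and icon from this file are display hints rather than proof of which provider was used.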
Reference
...