WebAuthn Plugin Version 1.0.0 Features
Â
Existing features as of alpha 0.0.2:
Authentication
Passwordless: Requires user verification but keys can be stored on the server
Requires username view
Usernameless (passkey): Requires discoverable credentials and user verification.
User selects the registered credential for a given user.id off the authenticator
Second Factor : After an appropriate first factor, only requires a FIDO compliant authenticator and user presence checking
Registration
Admin UI flow for a user to register and remove WebAuthn credentials using the Storage Service API
FIDO Metadata
Download and load the FIDO authenticator metadata
Only allow trusted authenticators
Enhance the registration UI
Features not yet implemented for V1.0.0:
User identity information from attribute resolver : JWEBAUTHN-11: Pull identity information from the AttributeResolver during registrationClosed
CSP protection : https://shibboleth.atlassian.net/browse/JWEBAUTHN-4
Admin UI for managing user credentials across the organisation : https://shibboleth.atlassian.net/browse/JWEBAUTHN-8
Enhance WebAuthn error messaging : https://shibboleth.atlassian.net/browse/JWEBAUTHN-10
Future features:
Reporting API : https://shibboleth.atlassian.net/browse/JWEBAUTHN-7
Autofill UI : JWEBAUTHN-3: Look into the Autofill UIOpen
HTTP APIs to the plugin to support externalised credential management UI : JWEBAUTHN-9: Support HTTP APIs for registering and managing user credentialsOpen
Â