WebAuthn Plugin Version 1.0.0 Features

Existing features as of alpha 0.0.2:

• Authentication

  • Passwordless: Requires user verification but keys can be stored on the server

    • Requires username view

  • Usernameless (passkey): Requires discoverable credentials and user verification.

    • User selects the registered credential for a given user.id off the authenticator

  • Second Factor : After an appropriate first factor, only requires a FIDO compliant authenticator and user presence checking

• Registration

  • Admin UI flow for a user to register and remove WebAuthn credentials using the Storage Service API

• FIDO Metadata

  • Download and load the FIDO authenticator metadata

    • Only allow trusted authenticators

    • Enhance the registration UI

Features not yet implemented for V1.0.0:

• User identity information from attribute resolver : https://shibboleth.atlassian.net/browse/JWEBAUTHN-11

• CSP protection : https://shibboleth.atlassian.net/browse/JWEBAUTHN-4

• Admin UI for managing user credentials across the organisation : https://shibboleth.atlassian.net/browse/JWEBAUTHN-8

• Enhance WebAuthn error messaging : https://shibboleth.atlassian.net/browse/JWEBAUTHN-10

Future features:

• Reporting API : https://shibboleth.atlassian.net/browse/JWEBAUTHN-7

• Autofill UI : https://shibboleth.atlassian.net/browse/JWEBAUTHN-3

• HTTP APIs to the plugin to support externalised credential management UI : https://shibboleth.atlassian.net/browse/JWEBAUTHN-9