Add plugin for WebAuthn
Add a plugin that allows declaring 2nd factor authentication devices using WebAuthn.
Activity
- Côme Chilliet changed milestone to %FusionDirectory 1.4
- Côme Chilliet added PJ1802-0188 label
- Côme Chilliet mentioned in commit 8ea045cb
- Côme Chilliet mentioned in commit 156fae3d
- Côme Chilliet added 6h of time spent at 2019-11-19
- bmortier added plugin-webauthn label
hello,
packaging will be done in https://gitlab.fusiondirectory.org/debian/fusiondirectory/issues/5755
- Côme Chilliet mentioned in commit 5dbb35cc
- Côme Chilliet mentioned in commit d2bce9cc
- Author Reporter
The file webauthn/html/include/webauthn.js is based on https://github.com/lbuchs/WebAuthn/blob/master/_test/client.html which is under MIT licence.
- Côme Chilliet mentioned in commit 5c732779
- Côme Chilliet mentioned in commit cc6e36bc
- Côme Chilliet mentioned in commit 2f8b8942
- Côme Chilliet mentioned in commit ca20d14a
- Author Reporter
@bmortier The code in the MR is now working.
I think the registration storing in the LDAP is fine, but the login part is not extensible enough.
For now I did a separate LoginMethod which inherits LoginPost but adds the 2nd factor auth.
We need to decide how we want the feature to work:
- If a user has no webauthn registration, does that mean he cannot connect, or he can connect with only his password?
- If I understood correctly, other 2nd factor features may be added later; how would that work?
- Should installing the plugin be enough to activate the feature or should it be a configuration option somehow?
I think we should create some kind of 2ndFactor method interface, like there is for login methods, and LoginPost should ask each if it has a second factor registered for the user. That would mean a user who had no 2nd factor declared can connect only with password. It's not clear what would/should happen if a user declares several 2nd factors.
Am I right in assuming only LoginPost can lead to 2ndFactor, or is it possible to want to use 2ndFactor with another login method?
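A sketch of the second-factor interface proposed in the comment above, added here as an illustration; it is not part of the original comment and not FusionDirectory code. Every name in it (`SecondFactorMethod`, `SecondFactorGate`, `requireEnrolment`) is hypothetical, and it assumes that any one registered method satisfies the second factor, which the comment leaves open. The `requireEnrolment` switch makes the first open question explicit: when it is false, an account with no registration logs in with its password alone.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; not FusionDirectory's API. Requires PHP 8.0+.
interface SecondFactorMethod
{
    public function name(): string;
    public function isRegisteredFor(string $userDn): bool;
    public function verify(string $userDn, array $response): bool;
}

final class SecondFactorGate
{
    /** @param SecondFactorMethod[] $methods */
    public function __construct(private array $methods, private bool $requireEnrolment) {}

    /** Runs only after the password check has succeeded. */
    public function decide(string $userDn, ?string $chosen, array $response): string
    {
        $registered = array_filter($this->methods, fn (SecondFactorMethod $m): bool => $m->isRegisteredFor($userDn));
        if ($registered === []) {
            // Policy switch: refuse unenrolled users, or let them in with the password only.
            return $this->requireEnrolment ? 'deny' : 'password-only';
        }
        foreach ($registered as $method) {
            // Assumption: any one registered method satisfies the second factor.
            if ($method->name() === $chosen) {
                return $method->verify($userDn, $response) ? 'allow' : 'deny';
            }
        }
        return 'deny'; // the user has a second factor but did not present a registered one
    }
}

// Constructed stand-in for a WebAuthn method; a real one validates a signed assertion.
$webauthn = new class implements SecondFactorMethod {
    public function name(): string { return 'webauthn'; }
    public function isRegisteredFor(string $userDn): bool { return $userDn === 'uid=alice,dc=example,dc=org'; }
    public function verify(string $userDn, array $response): bool { return ($response['ok'] ?? false) === true; }
};

// Constructed sample users: bob has no registration, alice has one.
$gate = new SecondFactorGate([$webauthn], false);
echo $gate->decide('uid=bob,dc=example,dc=org', null, []), PHP_EOL;
echo $gate->decide('uid=alice,dc=example,dc=org', null, []), PHP_EOL;
echo $gate->decide('uid=alice,dc=example,dc=org', 'webauthn', ['ok' => true]), PHP_EOL;
```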
- Côme Chilliet added 5h of time spent at 2019-11-20