Use this project to authenticate using security devices (Yubico Key, Windows Hello, Touch ID on Mac, etc.)

When a main flow of this project is launched (namely io.jans.agama.securitykey.main) the user's browser is redirected to a view where he/she must first enter his/her username, then validate one of the security keys that he/she has configured for his/her user (Yubico Key, Windows Hello, Touch ID on Mac, etc.). Finally, the user's browser is redirected to the registered URI.

Note: You must have registered security devices to your user, to register you must use Jans Casa.

To deploy this project we need to meet the requirements.

1. Running instance of Jans Auth Server, Jans Fido2 and Jans Casa

1. Download latest agama-securitykey-custom.jar from Releases
2. scp the jar file to /opt/jans/jetty/jans-auth/custom/libs/ on Auth Server
3. On Auth Server, edit /opt/jans/jetty/jans-auth/webapps/jans-auth.xml and add the jar file to the <set name="extractClasspath">...</Set> element. For example:

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
   <Set name="contextPath">/jans-auth</Set>
   <Set name="war">
       <Property name="jetty.webapps" default="." />/jans-auth.war
   </Set>
   <Set name="extractWAR">true</Set>
   <Set name="extraClasspath">
      ...
      /opt/jans/jetty/jans-auth/custom/libs/agama-securitykey-custom.jar,
      ...
   </Set>
 </Configure>

4. Restart Auth Server to load the new jar:

systemctl restart jans-auth

Download the latest agama-securitykey.gama file and deploy it in Auth Sever.

Siga los siguientes pasos:

• Copy (SCP/SFTP) the gama file of this project to a location in your Jans Server
• Connect (SSH) to your Jans Server and open TUI: python3 /opt/jans/jans-cli/jans_cli_tui.py
• Navigate to the Agama tab and then select "Upload project". Choose the gama file
• Wait for about one minute and then select the row in the table corresponding to this project
• Press d and ensure there were not deployment errors
• Pres ESC to close the dialog

You'll need an OpenID Connect test RP. You can try oidcdebugger, jans-tarp or jans-tent. Check out this video to see an example of agama-securitykey in action:

Milton Ch.

This project is licensed under the Apache 2.0