
Janssen FIDO2 Configuration

The Janssen Server provides multiple configuration tools for managing the FIDO2 configuration.

Use the command line to perform actions from the terminal. Learn how to use Jans CLI here or jump straight to the Using Command Line section.

Use a fully functional text-based user interface from the terminal. Learn how to use Jans Text-based UI (TUI) here or jump straight to the Using Text-based UI section.

Use the REST API for programmatic access or invoke it via tools like cURL or Postman. Learn how to use Janssen Server Config API here or jump straight to the Using Configuration REST API section.

Using Command Line

In the Janssen Server, you can deploy and customize the FIDO2 Configuration using the command line. To get the details of Janssen command line operations relevant to FIDO2 Configuration, check the operations under the Fido2Configuration task using the command below:

Command
/opt/jans/jans-cli/config-cli.py --info Fido2Configuration

It will show the details of the available operation-ids for Fido2.

Sample Output
Operation ID: get-properties-fido2
  Description: Gets Jans Authorization Server Fido2 configuration properties
Operation ID: put-properties-fido2
  Description: Updates Fido2 configuration properties
  Schema: Fido2:AppConfiguration

To get a sample schema, run /opt/jans/jans-cli/config-cli.py --schema <schema>, for example /opt/jans/jans-cli/config-cli.py --schema Fido2:AppConfiguration

Get The Current Fido2 Configuration

To get the properties of Janssen Fido2 Configuration, run the command below:

Command
/opt/jans/jans-cli/config-cli.py --operation-id get-properties-fido2

It will return the result as below:

Sample Output
{
  "issuer": "https://jans-project.lxd",
  "baseEndpoint": "https://jans-project.lxd/jans-fido2/restv1",
  "cleanServiceInterval": 60,
  "cleanServiceBatchChunkSize": 10000,
  "useLocalCache": true,
  "disableJdkLogger": true,
  "loggingLevel": "INFO",
  "loggingLayout": "text",
  "metricReporterInterval": 300,
  "metricReporterKeepDataDays": 15,
  "metricReporterEnabled": true,
  "personCustomObjectClassList": [
    "jansCustomPerson",
    "jansPerson"
  ],
  "superGluuEnabled": false,
  "sessionIdPersistInCache": false,
  "oldU2fMigrationEnabled": true,
  "errorReasonEnabled": false,
  "fido2Configuration": {
    "authenticatorCertsFolder": "/etc/jans/conf/fido2/authenticator_cert",
    "mdsCertsFolder": "/etc/jans/conf/fido2/mds/cert",
    "mdsTocsFolder": "/etc/jans/conf/fido2/mds/toc",
    "checkU2fAttestations": false,
    "userAutoEnrollment": false,
    "unfinishedRequestExpiration": 180,
    "authenticationHistoryExpiration": 1296000,
    "serverMetadataFolder": "/etc/jans/conf/fido2/server_metadata",
    "requestedCredentialTypes": [
      "RS256",
      "ES256"
    ],
    "requestedParties": [
      {
        "name": "https://jans-project.lxd",
        "domains": [
          "jans-project.lxd"
        ]
      }
    ],
    "skipDownloadMdsEnabled": false,
    "skipValidateMdsInAttestationEnabled": false,
    "assertionOptionsGenerateEndpointEnabled": true
  }
}

Update FIDO2 Configuration Properties

To update the configuration, follow the steps below.

  1. Get the current configuration and store it in a file for editing.
  2. Edit and update the desired configuration values in the file while keeping other properties and values unchanged. Updates must adhere to the Fido2:AppConfiguration schema as mentioned here. The schema details can be retrieved using the command below. The schema defines what values and datatypes are acceptable for each property value.
    Command
    /opt/jans/jans-cli/config-cli.py --schema Fido2:AppConfiguration
    
  3. Use the updated file to send the update to the Janssen Server using the command below
    Command
     /opt/jans/jans-cli/config-cli.py --operation-id put-properties-fido2 \
     --data /tmp/conf-data.json
    
    Upon successful execution of the update, the Janssen Server responds with the updated configuration.
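
Step 2 asks that all other properties stay unchanged, so it helps to compare the file saved in step 1 with the edited file before sending it. The check below is an added example, not part of the Janssen documentation or code base; the function names, the WATCHLIST selection and the sample data are assumptions made for this example.

```python
import json

# Assumption: properties this example treats as security-relevant, chosen
# from their names in the sample output; adjust to your own policy.
WATCHLIST = {
    "errorReasonEnabled",
    "fido2Configuration.userAutoEnrollment",
    "fido2Configuration.requestedParties",
    "fido2Configuration.requestedCredentialTypes",
    "fido2Configuration.skipDownloadMdsEnabled",
    "fido2Configuration.skipValidateMdsInAttestationEnabled",
}

def flatten(obj, prefix=""):
    """Map dotted property paths to values; lists and empty objects stay whole."""
    if not isinstance(obj, dict) or (not obj and prefix):
        return {prefix: obj}
    out = {}
    for key, value in obj.items():
        out.update(flatten(value, f"{prefix}.{key}" if prefix else key))
    return out

def review_update(before, after):
    """Compare the saved config with the edited one before it is sent."""
    old, new = flatten(before), flatten(after)
    changed = {p: (old[p], new[p]) for p in old.keys() & new.keys() if old[p] != new[p]}
    removed = sorted(old.keys() - new.keys())  # dropped by accident while editing
    added = sorted(new.keys() - old.keys())    # not in the original; check the schema
    needs_review = sorted((set(changed) | set(removed) | set(added)) & WATCHLIST)
    return changed, removed, added, needs_review

# Constructed sample: a trimmed copy of the sample output, then an edited copy.
BEFORE = json.loads("""{
  "loggingLevel": "INFO",
  "fido2Configuration": {
    "unfinishedRequestExpiration": 180,
    "requestedCredentialTypes": ["RS256", "ES256"],
    "skipValidateMdsInAttestationEnabled": false
  }
}""")
AFTER = json.loads(json.dumps(BEFORE))
AFTER["loggingLevel"] = "DEBUG"
AFTER["fido2Configuration"]["skipValidateMdsInAttestationEnabled"] = True
del AFTER["fido2Configuration"]["unfinishedRequestExpiration"]

if __name__ == "__main__":
    changed, removed, added, needs_review = review_update(BEFORE, AFTER)
    print("changed:", changed, "removed:", removed, "added:", added)
    print("review before put-properties-fido2:", needs_review)
```

In practice, load the file saved in step 1 and the edited /tmp/conf-data.json with json.load instead of the constructed BEFORE and AFTER values.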

Using Text-based UI

In the Janssen Server, you can also manage the FIDO2 Configuration using the Text-based UI.

You can start TUI using the command below:

Command
sudo /opt/jans/jans-cli/jans_cli_tui.py

Navigate to the FIDO section, where administrators can update dynamic and static configurations.

Using Configuration REST API

The Janssen Server Configuration REST API exposes relevant endpoints for managing and configuring the FIDO2 Configuration. Endpoint details are published in the Swagger document.


Last update: 2024-07-10
Created: 2021-04-22