[cryptography] Fwd: Some tools for FIDO-enabling web-applications with U2F

Arshad Noor arshad.noor at strongauth.com
Sat Feb 27 09:05:24 EST 2016


-------- Forwarded Message --------
Subject: Some tools for FIDO-enabling web-applications with U2F
Date: Thu, 25 Feb 2016 21:17:45 -0800
From: Arshad Noor <arshad.noor at strongauth.com>
Organization: StrongAuth, Inc.
To: FIDO Dev (fido-dev) <fido-dev at fidoalliance.org>


Having built business applications in the past, I know first-hand, how
difficult it can be using new technology to solve problems when there
aren't enough examples and tools available in the ecosystem.

We've made some tools available on the internet, for people new to
FIDO U2F, in the hope that it will ease them into realizing that
FIDO-enabling web applications is not a big deal.

The tools are:

- An open-source FIDO Certified U2F server that can be setup in an hour:

- A tutorial to FIDO-enable a basic JSP-based, CRUD web-application and
   make it work with the above-mentioned U2F server:

- A FIDO U2F Token Simulator in software for desktop applications.
   This can be useful in automated testing without the need to have a
   human sitting in front of a PC providing "Test-of-User-Presence"
   proof, or if you don't have a U2F token (in many countries) and
   still want to FIDO-enable a web-app.  However you just can't test
   it through a browser; but it can be useful in environments that
   use tools like Selenium for automated web-app testing):

- A FIDO U2F Token Simulator in software for Android (for the same
   reasons mentioned above, and at the same URL).

- A FIDO-enabled web-application you can test immediately if you have
   a FIDO Certified U2F token:
   (https://fidodemo.strongauth.com/skcc - with password 1FA)
   (https://fidodemo.strongauth.com/pno - no password, with CAPTCHA)
   (https://fidodemo.strongauth.com/pnoc - no password, no CAPTCHA)
   (The last example can be useful for intranet web-apps where users
    might already be authenticated on the network through LDAP servers
    or equivalent)

- If you want to download the SKCC web-application and test it on your
   network without going across the internet, its available for download:

We hope people will find these useful; if not, let us know how they
can be improved (its all FOSS, so the only thing you have to to lose
is a little time). :-)


Arshad Noor
StrongAuth, Inc.

More information about the cryptography mailing list