mrvanes/simplesamlphp-module-authwebauthn

Webauthn authproc module.

Installs: 975

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 3

Forks: 1

Open Issues: 0

Type: simplesamlphp-module

dev-master 2019-10-02 08:37 UTC

This package is auto-updated.

Last update: 2024-10-29 05:40:16 UTC


README

This module implements a SimpleSAMLphp authproc that can be used to enforce second-factor authentication using WebAuthn-compatible security devices.

Thanks to David Earl for his excellent head start on a PHP-based WebAuthn implementation!

Requirements

This module uses an SQLite database (through the php-sqlite3 extension) to store user/key combinations.

Installation

composer require mrvanes/simplesamlphp-module-authwebauthn:dev-master

Usage

The authproc can be configured as a registration proc or as a validation proc. Enable it on any authsource, e.g. one authsource for registration and one for validation:

    'sp-register' => [
        'saml:SP',
        'entityID' => null,
        'idp' => 'idp-register',
        'discoURL' => null,
        'authproc' => [
            // Add Webauthn second factor registration
            100 => ['class' => 'authwebauthn:WebAuthn',
                    'id' => 'uid',
                    'database' => '/var/tmp/keys.sq3',
                    'purpose' => 'register'
                    ],
        ],
    ],
    'sp-login' => [
        'saml:SP',
        'entityID' => null,
        'idp' => 'idp-login',
        'discoURL' => null,
        'authproc' => [
            // Add Webauthn second factor validation
            100 => ['class' => 'authwebauthn:WebAuthn',
                    'id' => 'uid',
                    'database' => '/var/tmp/keys.sq3',
                    'purpose' => 'validate'
                    ],
        ],
    ],

Or on a hosted IdP using the fallback scenario (register if validation is not possible, i.e. Trust On First Use):

    $metadata['__DYNAMIC:1__'] = [
        'host' => '__DEFAULT__',
        'privatekey' => 'server.pem',
        'certificate' => 'server.crt',
        'auth' => 'example-userpass',
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
        'authproc' => [
            // Add Webauthn second factor: validate, register on first use (fallback)
            100 => ['class' => 'authwebauthn:WebAuthn',
                    'id' => 'uid',
                    'database' => '/var/tmp/keys.sq3',
                    'purpose' => 'fallback'
                    ],
        ],
    ];
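A pre-deployment check for the `database` location, as an added example (a shell script, not part of the module): the configurations above store the key database in /var/tmp, a world-writable directory, so the script flags that, flags a database file readable or writable by group/others, and confirms the php sqlite3 extension is loaded. The path /var/lib/simplesamlphp/keys.sq3 in the usage comment is an assumed alternative location.

```shell
#!/bin/sh
# Sanity checks for the 'database' path handed to authwebauthn:WebAuthn.
# check_keydb PATH: returns 0 when the location is acceptable, 1 otherwise;
# each finding is reported on stderr.
check_keydb() {
    db="$1"
    dir=$(dirname "$db")
    rc=0
    if [ ! -d "$dir" ]; then
        echo "check_keydb: directory '$dir' does not exist" >&2
        return 1
    fi
    # World-writable directory (e.g. /var/tmp): any local user can create or
    # swap the database file before the module first opens it.
    # Column 9 of 'ls -ld' output is the 'other' write bit.
    if [ "$(ls -ld "$dir" | cut -c9)" = "w" ]; then
        echo "check_keydb: directory '$dir' is world-writable" >&2
        rc=1
    fi
    if [ -e "$db" ]; then
        # Columns 5-10 are the group and other bits; all must be '-'
        # (mode 0600 or stricter). The file maps user ids to registered keys.
        if [ "$(ls -ld "$db" | cut -c5-10)" != "------" ]; then
            echo "check_keydb: '$db' is readable or writable by group/others" >&2
            rc=1
        fi
    fi
    return $rc
}

# check_php_sqlite: the module needs the php sqlite3 extension loaded.
check_php_sqlite() {
    command -v php >/dev/null 2>&1 || { echo "php not found" >&2; return 1; }
    php -m 2>/dev/null | grep -qi '^sqlite3$'
}

# Usage: sh check_keydb.sh /var/lib/simplesamlphp/keys.sq3   (assumed path)
if [ "$#" -gt 0 ]; then
    check_keydb "$1" && check_php_sqlite && echo "ok: $1"
fi
```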