diff --git a/docs/script-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py b/docs/script-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py
index 912400860a2..9ee08288785 100644
--- a/docs/script-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py
+++ b/docs/script-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py
@@ -18,13 +18,15 @@
from java.util.concurrent.locks import ReentrantLock
from jakarta.ws.rs import ClientErrorException
from jakarta.ws.rs.core import Response
-
-
+from io.jans.fido2.model.assertion import AssertionOptions
+from io.jans.fido2.model.attestation import AttestationOptions
+from io.jans.fido2.model.assertion import AssertionResult
+from io.jans.fido2.model.attestation import AttestationResult
from io.jans.jsf2.message import FacesMessages
from io.jans.jsf2.service import FacesService
from jakarta.faces.context import FacesContext
from jakarta.faces.application import FacesMessage
-
+from com.fasterxml.jackson.databind import ObjectMapper
from jakarta.servlet.http import Cookie
@@ -76,7 +78,7 @@ def authenticate(self, configurationAttributes, requestParameters, step):
authenticationService = CdiUtil.bean(AuthenticationService)
identity = CdiUtil.bean(Identity)
-
+ mapper = ObjectMapper()
token_response = ServerUtil.getFirstValue(requestParameters, "tokenResponse")
if step == 1:
@@ -96,10 +98,10 @@ def authenticate(self, configurationAttributes, requestParameters, step):
return False
if auth_method == 'authenticate':
- print "Fido2. Prepare for step 2. Call Fido2 in order to finish authentication flow"
+ print "Fido2. Authenticate step 2. Call Fido2 in order to finish authentication flow"
assertionService = Fido2ClientFactory.instance().createAssertionService(self.metaDataConfiguration)
-
- assertionStatus = assertionService.verify(token_response)
+ assertionResult = mapper.readValue(token_response, AssertionResult)
+ assertionStatus = assertionService.verify(assertionResult)
authenticationStatusEntity = assertionStatus.readEntity(java.lang.String)
print "token_response %s " % token_response
print "assertionStatus: %s" % assertionStatus
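Review bot: `mapper.readValue(token_response, AssertionResult)` parses a request parameter that the client fully controls, and nothing visible in this hunk handles a parse failure, so malformed JSON would surface as an uncaught Java exception instead of a clean `return False`. The same pattern is repeated in the hunks at -152 (`AssertionResult`) and -167 (`AttestationResult`). I would wrap each parse, e.g. `try: assertionResult = mapper.readValue(token_response, AssertionResult)` followed by `except java.lang.Exception: return False`, logging only that parsing failed. A default `ObjectMapper()` also rejects unknown properties unless the model classes opt out, so it is worth confirming that extra fields sent by browsers do not break login. While touching this block, the context line `print "token_response %s " % token_response` still writes the raw client payload to the log and could be dropped; `authenticate` starts and ends outside the hunk, so an enclosing `try` may exist that I cannot see.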
@@ -132,7 +134,7 @@ def authenticate(self, configurationAttributes, requestParameters, step):
return True
elif step == 2:
print "Fido2. Authenticate for step 2"
-
+
token_response = ServerUtil.getFirstValue(requestParameters, "tokenResponse")
if token_response == None:
print "Fido2. Authenticate for step 2. tokenResponse is empty"
@@ -152,8 +154,9 @@ def authenticate(self, configurationAttributes, requestParameters, step):
if auth_method == 'authenticate':
print "Fido2. Prepare for step 2. Call Fido2 in order to finish authentication flow"
assertionService = Fido2ClientFactory.instance().createAssertionService(self.metaDataConfiguration)
-
- assertionStatus = assertionService.verify(token_response)
+ assertionResult = mapper.readValue(token_response, AssertionResult)
+
+ assertionStatus = assertionService.verify(assertionResult)
authenticationStatusEntity = assertionStatus.readEntity(java.lang.String)
print "token_response %s " % token_response
print "assertionStatus: %s" % assertionStatus
@@ -167,8 +170,9 @@ def authenticate(self, configurationAttributes, requestParameters, step):
elif auth_method == 'enroll':
print "Fido2. Prepare for step 2. Call Fido2 in order to finish registration flow"
attestationService = Fido2ClientFactory.instance().createAttestationService(self.metaDataConfiguration)
-
- attestationStatus = attestationService.verify(token_response)
+ attestationResult = mapper.readValue(token_response, AttestationResult)
+ attestationStatus = attestationService.verify(attestationResult)
+
print "Fido2. token_response %s " % token_response
print "Fido2. attestationStatus: %s" % attestationStatus
print "Fido2. attestationStatus.getStatus() : %s" % attestationStatus.getStatus()
@@ -204,9 +208,12 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
if step == 1:
try:
print "Fido2. Prepare for step 1. Call Fido2 endpoint in order to start assertion flow"
- assertionRequest = json.dumps({ 'origin': domain, 'allowCredentials': allowList}, separators=(',', ':'))
- print ("Assertion Request : %s" % assertionRequest)
+
+ assertionRequest = AssertionOptions()
+ assertionRequest.setOrigin(domain)
+ assertionRequest.setAllowCredentials(Arrays.asList(allowList))
assertionResponse = assertionService.authenticate(assertionRequest).readEntity(java.lang.String)
+
print "assertionResponse %s " % assertionResponse
identity.setWorkingParameter("fido2_assertion_request", ServerUtil.asJson(assertionResponse))
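Review bot: `Arrays.asList(allowList)` relies on a name `Arrays` that the import hunk of this commit does not add, so unless the file already imports it outside the visible lines this branch fails with a NameError at step 1; add `from java.util import Arrays` if it is missing. The old code serialized `allowList` straight into JSON, whereas `setAllowCredentials` presumably expects a list of typed credential descriptors, so the element type of `allowList` should be checked against the setter. A short comment such as `# allowList: credential descriptors permitted for this assertion` above the call would document the expectation. `prepareForStep` and the surrounding `try` continue outside the hunk.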
@@ -237,7 +244,10 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
if count > 0:
print "Fido2. Prepare for step 2. Call Fido2 endpoint in order to start assertion flow"
try:
- assertionRequest = json.dumps({'username': userName, 'origin': domain}, separators=(',', ':'))
+
+ assertionRequest = AssertionOptions()
+ assertionRequest.setUsername(userName)
+ assertionRequest.setOrigin(domain)
assertionResponse = assertionService.authenticate(assertionRequest).readEntity(java.lang.String)
print "assertionResponse %s " % assertionResponse
@@ -249,10 +259,11 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
try:
attestationService = Fido2ClientFactory.instance().createAttestationService(metaDataConfiguration)
- basic_json = {'username': userName, 'displayName': userName, 'origin': domain}
- print " basic_json %s" % basic_json
-
- attestationRequest = json.dumps(basic_json)
+
+ attestationRequest = AttestationOptions()
+ attestationRequest.setUsername(userName)
+ attestationRequest.setOrigin(domain)
+ attestationRequest.setDisplayName(userName)
attestationResponse = attestationService.register(attestationRequest).readEntity(java.lang.String)
except ClientErrorException, ex:
print "Fido2. Prepare for step 2. Failed to start attestation flow. Exception:", sys.exc_info()[1]
diff --git a/jans-auth-server/server/src/main/resources/jans-auth.properties b/jans-auth-server/server/src/main/resources/jans-auth.properties
index 774d98719d8..5a03788310e 100644
--- a/jans-auth-server/server/src/main/resources/jans-auth.properties
+++ b/jans-auth-server/server/src/main/resources/jans-auth.properties
@@ -258,12 +258,12 @@ u2f.verification.insertkey = Insert your U2F security key.
u2f.verification.useit=If your U2F key has a button, tap it. Otherwise you can remove it and re-insert it.
fido2.verification.stepverification=2 Step Verification
-fido2.verification.usedevice=Use your fido2 device to sign in to your Gluu account.
-fido2.verification.insertkey = Insert your fido2 security key.
-fido2.verification.useit=If your fido2 key has a button, tap it. Otherwise you can remove it and re-insert it.
-fido2.touch.verification.usedevice=Use Touch ID on your Apple device to sign in to your Gluu account.
-fido2.touch.verification.insertkey = Place your finger on the Touch ID.
-fido2.touch.verification.useit=Click Ok to enable the Touch ID.
+fido2.verification.usedevice=Use your passkey to sign in to your account.
+fido2.verification.insertkey = Enable secure and password-free sign-ins for your app by integrating passkeys, allowing users to authenticate with biometrics, PINs, or security keys.
+fido2.verification.useit=Follow the instructions on your browser.
+fido2.touch.verification.usedevice=Use your passkey to sign in to your account.
+fido2.touch.verification.insertkey = Follow the instructions on your browser.
+fido2.touch.verification.useit=Follow the instructions on your browser.
login.use.touchID=OK
otp.login=Done
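Review bot: The new value of `fido2.verification.insertkey` reads as developer-facing product copy ("Enable secure and password-free sign-ins for your app by integrating passkeys, ...") rather than an instruction to the person signing in, yet the key name suggests it replaces the prompt shown during verification. A short user instruction would fit better, for example `fido2.verification.insertkey = Use your security key, device PIN or biometrics when your browser prompts you.` Several keys (`fido2.verification.useit`, `fido2.touch.verification.insertkey`, `fido2.touch.verification.useit`) now carry the same sentence, so a page that renders them together would presumably repeat it.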
diff --git a/jans-auth-server/server/src/main/webapp/auth/fido2/login.xhtml b/jans-auth-server/server/src/main/webapp/auth/fido2/login.xhtml
index 9b54218b182..0b3d78fc002 100644
--- a/jans-auth-server/server/src/main/webapp/auth/fido2/login.xhtml
+++ b/jans-auth-server/server/src/main/webapp/auth/fido2/login.xhtml
@@ -12,9 +12,10 @@
-
-
-
+
+
+
+