feat: Support Super Gluu one step authentication to Fido2 server #3593

Closed
@yurem

Description

Super Gluu is based on the U2F specification with a small extension. Instead of a physically connected device, Auth Server communicates with the Super Gluu mobile application via QR code or push messages. Also, Super Gluu has an extension to support one step authentication.

The current version of Super Gluu uses oxAuth U2F endpoints. In Jans we have a separate Fido2 server which supports both fido2/u2f specifications. We need to migrate Super Gluu to use Fido2 server and deprecate oxAuth U2F endpoints.

One small change is needed for Super Gluu Mobile: it should try to get metadata from https://<server>/.well-known/fido-configuration as before; if this endpoint is missing, it should get it from https://<server>/.well-known/fido2-configuration.

Here are references for the one step changes we added to oxAuth U2F:

  1. GluuFederation/oxAuth@d1e3021#diff-5c39eb616277e16b2eb2dc627057549c73c025537f545aa1e1f04577efab40a7
  2. GluuFederation/oxAuth@bde0096#diff-113cb0fdfe862fdc4f09560a475ceb95dee107d7c5ae88bfb4e0df47e17e40f6

This is to explain where we added customizations to U2F.
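
The metadata lookup order described in the issue, as an added example that is not code from Super Gluu or the Jans project. It assumes "missing" means an HTTP 404 response, so any other failure (TLS error, 5xx, timeout) is reported rather than silently triggering the fallback; the host `idp.example`, the function names and the sample metadata body are constructed for illustration.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

LEGACY_PATH = "/.well-known/fido-configuration"   # oxAuth U2F metadata, tried first
FIDO2_PATH = "/.well-known/fido2-configuration"   # Fido2 server metadata, fallback

class EndpointMissing(Exception):
    """The server answered, but the metadata endpoint does not exist."""

def http_get(url, timeout=10):
    """Default fetcher: return the body, map HTTP 404 to EndpointMissing."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as exc:
        if exc.code == 404:   # assumption: "missing" means 404
            raise EndpointMissing(url) from exc
        raise

def discover_metadata(server, fetch=http_get):
    """Return (url, metadata), trying the legacy path before the fido2 path."""
    parts = urlsplit(server)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("server must be an https:// origin")
    base = "https://" + parts.netloc
    for path in (LEGACY_PATH, FIDO2_PATH):
        url = base + path
        try:
            body = fetch(url)
        except EndpointMissing:
            continue          # only a missing endpoint moves on to the next path
        meta = json.loads(body)
        if not isinstance(meta, dict):
            raise ValueError(url + " did not return a JSON object")
        return url, meta
    raise LookupError("no FIDO metadata endpoint found on " + base)

if __name__ == "__main__":
    # Constructed stand-in for a server that only exposes the fido2 endpoint.
    def jans_only(url):
        if url.endswith(LEGACY_PATH):
            raise EndpointMissing(url)
        return '{"sample": "constructed"}'
    print(discover_metadata("https://idp.example", fetch=jans_only))
```
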

Metadata

Labels

kind-feature: Issue or PR is a new feature request
