Skip to main content
Version: 2.4.x.x Java 8 ELS

nevisFIDO Configuration

For all use-cases, nevisFIDO needs to be prepared to support FIDO2.

FIDO2 configuration block

nevisFIDO FIDO2 configuration
/var/opt/nevisfido/<instance>/conf/nevisfido.yml
fido2:
enabled: true
rp-name: <relying-party-name>
rp-id: <relying-party-id>
origins:
- "<origin>"
authorization:
registration:
type: sectoken
authentication:
type: none

Substitute data into this configuration block:

  • relying-party-name: The name of your organization, for example Siven Chocolate Factory Inc..
  • relying-party-id: The ID of the relying party, to which domain the public key credentials will be scoped to. For example: siven.net.
  • origin: The origin that is associated with the server. Origins are commonly referred to as endpoints and they must contain the rp-id, but they can be for example a subdomain of it: https://chocolate.siven.net:9443.

Prepare the credential repository

nevisFIDO credential repository configuration
/var/opt/nevisfido/<instance>/conf/nevisfido.yml
credential-repository:
type: nevisidm
rest-url: https://<nevisidm-host>:<nevisidm-port>/nevisidm
keystore: /var/opt/keybox/default/node_keystore.jks
keystore-passphrase: password
keystore-type: jks
truststore: /var/opt/keybox/default/truststore.jks
truststore-passphrase: password
truststore-type: jks
client-id: 100
user-attribute: loginId
  • Replace nevisidm-host and nevisidm-port according to your environment.
  • Note user-attribute: this signals for nevisFIDO the username the server receives is what identifier attribute of the user, so the FIDO2 Registration Client Javascript and the FIDO2 Authentication Client Javascript must send its username property accordingly.

For more detailed configuration, please visit nevisFIDO Configuration.

note

Everything done right, upon startup, the nevisFIDO server should print this into the log (if UAF is enabled on the same server, it is also listed):

INFO  c.n.a.fido.application.Application The following 1 profile is active: "fido2"