FIDO-enabled FOSS application: StrongAuth PKI2FIDO

[Arshad Noor]

Hi,

I'd like to announce the release of a new FOSS web-application: StrongAuth PKI2FIDO.

StrongAuth PKI2FIDO is built using Angular2 and Java. its primary function is to enable users with X509 digital certificates to authenticate to PKI2FIDO using TLS ClientAuth, and once strongly-authenticated (certificate PKIX-validated as well as authorized by an LDAP Directory Server), allow the user to register a new FIDO U2F Key with an instance of our open-source FIDO Certified U2F Server: StrongKey CryptoEngine. 

The result is that a trusted user with a PIV, CAC or other smartcard within an enterprise/agency can register a FIDO Key with the enterprise's/agency's FIDO Server thus creating a trusted FIDO credential.  The enterprise/agency can now leverage the simplicity of FIDO strong-authentication and enable stronger security for web-applications.  A high-level diagram of the flow is available here.

To quickly learn how PKI2FIDO works, you can import this PKCS#12 file - password: Abcd1234! - into your Chrome (43 or greater) browser (we haven't tested with Firefox or Opera yet, but anticipate it will work) and connect to an instance of PKI2FIDO running on a StrongAuth demo machine on the internet.  You should have a FIDO U2F Authenticator before you begin; you will also need to be able to connect to port 48282 on this machine since that is the TLS ClientAuth-enabled port - only the landing page is on port 443. 

Once you've registered your FIDO Key, continue on to test the newly registered key with our FIDO-enabled web-applications: FIDORestApp - a U2F protocol tester, and StrongKey CryptoCabinet - a FIDO-enabled, AWS/Azure/Eucalyptus/OAM-integrated, file-encryption web-application.

You can download the binaries, source, release notes (with installation guide) here, and test with your own PKI-issued digital certificates.  You will need to install the StrongKey CryptoEngine first to setup your FIDO Server; after that, the PKI2FIDO installation takes about 30 minutes.

If you have any questions, please don't hesitate to ask; the discussion forum at the download site is ideal for that.  Feedback is always welcome.

Thanks.

Arshad Noor
StrongAuth, Inc.

[Fred Le Tamanoir]

Thanx again Arshaad for offering open solutions we can all use to mix the good old PKI world with the new FIDO one.
I will definitely try this. 

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+unsubscribe@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/3128c7bf-0ce2-3206-10bc-0efdb4ccaff5%40strongauth.com.