FIDO 2.0 Client


SafeDevWorks Works

Oct 21, 2024, 11:37:02 AM
to FIDO Dev (fido-dev)
Hello, 

I'm looking for some direction and help. I want to do some performance testing of a FIDO 2.0 server that a vendor has provided.
Assuming the vendor followed the FIDO 2.0 spec when implementing the server, is there a FIDO client simulator that talks to the Relying Party, simulating the HTTP traffic similar to how a browser would? Even if there is a curl or Postman collection, that would be a good start. A Python or Java client would be best.

Thanks a bunch if someone has done this before, and can share a repo with the code.

SafeDev


Shane Weeden

Oct 21, 2024, 3:35:49 PM
to SafeDevWorks Works, FIDO Dev (fido-dev)
You could easily adapt something like this Node.js client to do that: https://github.com/sbweeden/fido2-node-clients

Whilst I originally wrote them with variants of the FIDO2 servers that my company builds, you’ll see I also wrote a variant that works with the webauthn.io website. It would be fairly trivial to pivot this to the nuances of any other FIDO2 server’s APIs (since there is no such universal standard for HTTP APIs to a FIDO server).

There are Postman equivalents of what that library does here that pretty much share the same underlying JS code to act as an authenticator / FIDO client: https://github.com/sbweeden/fido2-postman-clients

Regards,
Shane.

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/0a87fd17-4bd9-45d1-af83-3baad1f31ceen%40fidoalliance.org.

SafeDevWorks Works

Oct 21, 2024, 5:26:41 PM
to FIDO Dev (fido-dev), Shane Weeden, FIDO Dev (fido-dev), SafeDevWorks Works
Thank you Shane. I'll give it a try.

Dani Mező

Oct 21, 2024, 8:02:23 PM
to FIDO Dev (fido-dev), SafeDevWorks Works, Shane Weeden, FIDO Dev (fido-dev)
Hi there, 

I am happy with the client-side capabilities WebAuthn4j can provide: https://github.com/webauthn4j/webauthn4j/tree/master/webauthn4j-test/src/main/java/com/webauthn4j/test
I can recommend it.

Cheers, Daniel

Arshad Noor

Oct 23, 2024, 10:08:35 AM
to SafeDevWorks Works, FIDO Dev (fido-dev)
You can also find a software simulator at
https://sourceforge.net/projects/strongkeyfido/ within the server
distribution's TGZ file.

There is also a JMeter plan that leverages it to test the FIDO Certified
StrongKey FIDO Server. But, I'm certain the plan can be modified to test
any other FIDO server too.

The forum at our project is available for detailed questions about the
simulator and the plan.

Good luck.

Arshad Noor
StrongKey
