FIDO U2F
Overview
FIDO Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication using specialized USB or NFC devices built on security technology similar to that found in smart cards.
Learn more about the U2F standard on Gluu's website.
This document explains how to use Gluu's U2F interception script to configure the Gluu Server for a two-step authentication process, with username and password as the first step and any U2F device as the second step.
Some well-known U2F devices and manufacturers include:
- Vasco DIGIPASS SecureClick
- Yubico
- HyperFIDO
- Feitian Technologies
Check FIDO's certified products for a comprehensive list of U2F devices (sort by `Specification == U2F`).
Properties
The script has the following properties:

| Property | Description | Example |
|---|---|---|
| u2f_application_id | URL of the application | https://idp.gluu.info |
| u2f_server_uri | DNS/URL of the oxauth/u2f server | https://idp.gluu.info |
| u2f_server_metadata_uri | URL of the u2f server metadata | https://idp.gluu.info |
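
An added example (not part of Gluu's script or documentation): a pre-flight check for the three property values before the script is enabled. It assumes all three should be absolute HTTPS URLs, and it relies on the U2F rule that a token binds each key to the SHA-256 of the AppID string, so even a trailing slash in `u2f_application_id` produces a different application. The function names and sample values are hypothetical and constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

REQUIRED = ("u2f_application_id", "u2f_server_uri", "u2f_server_metadata_uri")

def application_parameter(app_id):
    """SHA-256 of the AppID string: the value a U2F token binds each key to."""
    return hashlib.sha256(app_id.encode("utf-8")).hexdigest()

def check_properties(props, registered_app_id=None):
    """Return a list of findings; an empty list means no problem was detected."""
    findings = []
    for name in REQUIRED:
        value = props.get(name, "")
        if value != value.strip():
            findings.append(f"{name}: leading or trailing whitespace")
        url = urlsplit(value.strip())
        # Assumption of this example: every endpoint is served over HTTPS.
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{name}: must be an absolute https:// URL")
        if url.username or url.password or url.fragment:
            findings.append(f"{name}: must not carry credentials or a fragment")
    app_id = props.get("u2f_application_id", "")
    # The comparison is byte-exact because the token only ever sees the hash.
    if registered_app_id is not None and (
        application_parameter(app_id) != application_parameter(registered_app_id)
    ):
        findings.append("u2f_application_id: differs from the AppID used at "
                        "enrollment; existing tokens will not authenticate")
    return findings

# Constructed sample values, modeled on the Example column of the table above.
GOOD = {name: "https://idp.gluu.info" for name in REQUIRED}
DRIFTED = dict(GOOD, u2f_application_id="https://idp.gluu.info/")
WEAK = dict(GOOD, u2f_server_uri="http://idp.gluu.info")

if __name__ == "__main__":
    for label, props in (("good", GOOD), ("drifted", DRIFTED), ("weak", WEAK)):
        print(label, check_properties(props, "https://idp.gluu.info"))
```

Pass the AppID that was in effect when users enrolled their devices as `registered_app_id` to catch accidental changes before they lock users out of the second step.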
Configure U2F
Follow the steps below to configure the U2F module in the oxTrust Admin GUI.
- Navigate to `Configuration` > `Manage Custom Scripts`.
- Click on the `Person Authentication` tab.
- Select the U2F script.
- Enable the script by ticking the check box.
- Click `Update`.
- Change the `Default Authentication Method` to `u2f`.