[cryptography] Fwd: Some tools for FIDO-enabling web-applications with U2F

Sat, 27 Feb 2016 06:13:55 -0800 

FYI.


-------- Forwarded Message --------
Subject: Some tools for FIDO-enabling web-applications with U2F
Date: Thu, 25 Feb 2016 21:17:45 -0800
From: Arshad Noor <arshad.n...@strongauth.com>
Organization: StrongAuth, Inc.
To: FIDO Dev (fido-dev) <fido-...@fidoalliance.org>

Hi,

Having built business applications in the past, I know first-hand, how
difficult it can be using new technology to solve problems when there
aren't enough examples and tools available in the ecosystem.

We've made some tools available on the internet, for people new to
FIDO U2F, in the hope that it will ease them into realizing that
FIDO-enabling web applications is not a big deal.

The tools are:

- An open-source FIDO Certified U2F server that can be setup in an hour:
  (https://sourceforge.net/projects/skce);

- A tutorial to FIDO-enable a basic JSP-based, CRUD web-application and
  make it work with the above-mentioned U2F server:

(https://fidodemo.strongauth.com/en-US/StrongKey_CryptoEngine/2.0/html/Fido_Tutorial_for_JSP/index.html)

- A FIDO U2F Token Simulator in software for desktop applications.
  This can be useful in automated testing without the need to have a
  human sitting in front of a PC providing "Test-of-User-Presence"
  proof, or if you don't have a U2F token (in many countries) and
  still want to FIDO-enable a web-app.  However you just can't test
  it through a browser; but it can be useful in environments that
  use tools like Selenium for automated web-app testing):
  (https://sourceforge.net/projects/skce/files/v2-Build124/)

- A FIDO U2F Token Simulator in software for Android (for the same
  reasons mentioned above, and at the same URL).

- A FIDO-enabled web-application you can test immediately if you have
  a FIDO Certified U2F token:
  (https://fidodemo.strongauth.com/skcc - with password 1FA)
  (https://fidodemo.strongauth.com/pno - no password, with CAPTCHA)
  (https://fidodemo.strongauth.com/pnoc - no password, no CAPTCHA)
  (The last example can be useful for intranet web-apps where users
   might already be authenticated on the network through LDAP servers
   or equivalent)

- If you want to download the SKCC web-application and test it on your
  network without going across the internet, its available for download:
  (https://sourceforge.net/projects/skcc).

We hope people will find these useful; if not, let us know how they
can be improved (its all FOSS, so the only thing you have to to lose
is a little time). :-)

Enjoy!

Arshad Noor
StrongAuth, Inc.



_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to