This repository contains a client that calls my Keycloak instance, which is configured with a password as the first factor and WebAuthn (FIDO2) as the second factor. The password policy follows the guidelines in NIST SP 800-63B:
- at least 8 characters in length
- rejected if the password appears in a blacklist of values known to be commonly used, expected, or compromised. In this case, the HIBP (Have I Been Pwned) API is used.
WebAuthn can also be used as the sole factor and hence replace passwords completely. However, since I also wanted to showcase the HIBP API, I'm using WebAuthn as a second factor and a password as the first factor. Note that, although functionally very similar, I'm not using U2F (FIDO1) here; WebAuthn (FIDO2) is used.
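The two policy rules above, as an added example that is not part of this repository's code (the real check runs server-side inside Keycloak): a minimum-length test and a k-anonymity lookup against the Pwned Passwords range API, where only the first 5 hex characters of the SHA-1 hash leave the host and the suffix is matched locally. The `lookup` callback stands in for the HTTPS GET to `https://api.pwnedpasswords.com/range/{prefix}`; the sample range data, including the breach count, is constructed for this example and is not real API output.

```typescript
import { createHash } from "node:crypto";

// NIST SP 800-63B memorized-secret rules used by this README's Keycloak setup:
// minimum 8 characters, and rejection of passwords found in a breach corpus.
export const MIN_PASSWORD_LENGTH = 8;

// Abstracts the HIBP range call so the check can run offline (and be unit-tested).
export type RangeLookup = (prefix: string) => string;

export interface PolicyResult {
  accepted: boolean;
  reason: "ok" | "too-short" | "breached";
  breachCount: number;
}

/** Upper-case hex SHA-1 of the password, the form the Pwned Passwords API uses. */
export function sha1Hex(password: string): string {
  return createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
}

/**
 * k-anonymity lookup: send only the 5-char hash prefix, receive every suffix in
 * that range as "SUFFIX:COUNT" lines, and match the remaining 35 chars locally.
 * Returns the breach count for the password, or 0 when it is not in the range.
 */
export function hibpBreachCount(password: string, lookup: RangeLookup): number {
  const hash = sha1Hex(password);
  const prefix = hash.slice(0, 5);
  const suffix = hash.slice(5);
  for (const line of lookup(prefix).split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(":");
    if (candidate === suffix) {
      return Number.parseInt(count ?? "0", 10) || 0;
    }
  }
  return 0;
}

/** Counts code points rather than UTF-16 units, so an emoji counts as one character. */
function characterCount(password: string): number {
  return password.replace(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g, "x").length;
}

export function evaluatePassword(password: string, lookup: RangeLookup): PolicyResult {
  if (characterCount(password) < MIN_PASSWORD_LENGTH) {
    return { accepted: false, reason: "too-short", breachCount: 0 };
  }
  const breachCount = hibpBreachCount(password, lookup);
  if (breachCount > 0) {
    return { accepted: false, reason: "breached", breachCount };
  }
  return { accepted: true, reason: "ok", breachCount: 0 };
}

// Constructed stand-in for the range endpoint. "5BAA6" is the real prefix of
// SHA-1("password"); the neighbouring suffixes and all counts are made up.
const SAMPLE_RANGES: Record<string, string> = {
  "5BAA6": [
    "1D2F7E0C3B4A5968778695A4B3C2D1E0F00:2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
    "2A0B1C2D3E4F5061728394A5B6C7D8E9F01:14",
  ].join("\r\n"),
};
export const sampleLookup: RangeLookup = (prefix) => SAMPLE_RANGES[prefix] ?? "";

// Demo run over a few candidates when executed directly.
for (const candidate of ["short", "password", "a1b2c3d4e5f6g7h8"]) {
  console.log(candidate, evaluatePassword(candidate, sampleLookup));
}
```

In production the lookup would perform the HTTPS request (optionally with the `Add-Padding: true` header so response sizes do not reveal the range) and the result would be mapped to a Keycloak password-policy error; the rest of the logic is unchanged.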
- currently only the client is online: https://demo.michaelboeynaems.com
- please host the server yourself based on https://github.com/Mich-b/Keycloak_fido2_hibp
You will probably have to change the configuration in the following files:
- /src/constants.ts
- /src/assets/signin-callback.html
- /src/assets/silent-callback.html
- /src/app/app-auth-n.service.ts
- `npm install`
- `npm start`
- `npm run-script build`
Simply drop the /dist/App folder in Netlify, or link your forked GitHub repo.
To enable oidc-client logging to the browser console while debugging:
```typescript
Oidc.Log.logger = console;
```