- One of the following Linux distributions. The installation script is untested on other flavors of Linux but may work with slight modifications.
- RedHat/CentOS/Oracle 7
- Ubuntu 18.04
- Debian 9
- Amazon Linux 2
-
A fully qualified public domain name (FQDN). It is very important to have a hostname that is at least top-level domain (TLD)+1 (i.e., acme.com, example.org, etc); otherwise FIDO2 functionality may not work.
-
The installation script installs Payara running HTTPS on port 8181, so make sure all firewall rules allow that port to be accessed.
-
StrongKey's FIDO2 Server must be installed before the sample service provider web application and sample WebAuthn Java client.
NOTE: If the install fails for any reason, follow the instructions for Removal, below, and restart from the beginning.
-
Open a terminal and change directory to the target download folder.
-
Install wget if it has not been already.
sudo yum install wget or sudo apt install wget
-
Download the binary distribution file fido2server-v0.9-dist.tgz.
wget https://github.com/StrongKey/fido2/raw/master/fido2server-v0.9-dist.tgz
-
Extract the downloaded file to the current directory:
tar xvzf fido2server-v0.9-dist.tgz
-
Be sure that you have your machine's FQDN set as its hostname. This is necessary to properly configure the self-signed certificate for the API. Check with the following command:
hostname
If you see only the machine name and not the public FQDN, run the following command:
sudo hostnamectl set-hostname <YOUR SERVER'S PUBLIC FQDN>
If you do not have DNS configured for this machine, please run the following command to add an entry to the /etc/hosts file. DO NOT run this if your machine does not have a configured FQDN and is still running as localhost.
echo `hostname -I | awk '{print $1}'` $(hostname) | sudo tee -a /etc/hosts
-
Execute the install-skfs.sh script as follows:
sudo ./install-skfs.sh
The installation script will create a strongkey user account with the home directory of /usr/local/strongkey. All software required for the StrongKey FIDO2 Server will be deployed to the /usr/local/strongkey directory and be run by the strongkey user. The default password for the strongkey user is ShaZam123.
-
Using the following command, confirm your FIDO2 Server is running. You should get the API Web Application Definition Language (WADL) file back in response.
curl -k https://localhost:8181/api/application.wadl
-
To test this installation of the FIDO2 Server, check out the Basic Java Sample application or a JAVA proof of concept (PoC) application which also involves user registration using emails.
NOTE: Both the signing and secret keys in the keystore use default values and should be changed after installation is completed. The keystore and the TrustStore are located in /usr/local/strongkey/skfs/keystores. Run the following command from usr/local/strongkey/keymanager to see the usage and syntax for the keymanager tool, then change them both:
java -jar keymanager.jar
-
Using the Installation steps in the previous section, individually install and configure all the FIDO2 Servers to be clustered.
-
For each server determine the Fully Qualified Domain Name (FQDN) and assign it a unique server ID.
-
Perform the following on every server to be clustered:
a. Open the appliance configuration properties and modify the following:
appliance.cfg.property.serverid=<server-id> (set to the corresponding sid) appliance.cfg.property.replicate=true (should be set to true) …c. Now login to the MySQL database:
mysql -u skfsdbuser -pAbracaDabra skfsd. Truncate the existing SERVERS table:
truncate SERVERS;e. Insert the new server entries:
insert into SERVERS values (1, '<fqdn>', 'Active', 'Both', 'Active', null, null); insert into SERVERS values (2, '<fqdn>', 'Active', 'Both', 'Active', null, null); insert into SERVERS values (3, '<fqdn>', 'Active', 'Both', 'Active', null, null); …f. Restart GlassFish:
sudo service glassfishd restartg. Repeat the above sequence of steps (a–f) on all remaining StrongKey FIDO2 Servers.
To uninstall StrongKey FIDO2 Server, run the following command from the folder where the distribution was extracted:
sh
sudo ./cleanup.sh
This removes all StrongKey files plus the installed dependency packages. If you've installed the sample service provider web application and the StrongKey WebAuthn client, they will be removed as well.