wiki:net.sf.basedb.webauthn/using

How to use the WebAuthn authentication extension

Logging in

Before it is possible to login with a WebAuthn Security Key the server administrator need to register the key and connect it to the user account (see below). It is not possible for users to register the key by themselves. Depending on the capabilities of the security key, the administrator may enable password-less authentication.

Basic WebAuthn

In the basic mode, the user has to specify the login and password and then verify the login by touching the security key.

  1. Start by entering the Login and Password information in the form.
  2. Press ENTER or click on the Login button.
  3. The browser should ask you to insert the security into an USB port (unless it is already inserted).
  4. Press the button on the security key (do not click on the Cancel button).
  5. You should now be logged in.
Note!
The exact prompts and dialogs that the browser displays vary by the browser and operating system you are using. Below are some examples:

Newer Firefox, Chrome and Edge 101 on Windows 10

Step 3: Prompting you for inserting a key Step 4: Prompting you for touching the key
Insert key Touch key

Older Firefox

Step 3 and 4: Prompting you for inserting and touching the key
Older Firefox

Password-less authentication

If the security key supports it, the administrator may enable password-less authentication. For example, this is possible with the newer YubiKey 5 models. This mode also requires that the security key is protected with a PIN.

  1. Start by selecting the WebAuthn (password-less) login metod
  2. Click on the Login button.
  3. The browser should ask you to insert the security into an USB port (unless it is already inserted).
  4. Enter the PIN and press the button on the security key (do not click on the Cancel button).
  5. You should now be logged in.
Step 1: Password-less login Step 4: Enter a PIN
Password-less login form Enter PIN

Assigning security keys to users

  1. To assign a WebAuthn security to a user, the BASE administrator should locate that user in the Administrate->Users list and open the edit dialog.
  2. Switch to the WebAuthn tab. This should state that no security key is enabled for the account.
  3. Insert the security key into an USB port.
  4. Decide if password-less login should be enabled or not and click on the Register button.
  5. Press the button on the security for verification. If password-less login has been enabled, the user must also enter the PIN. If the security doesn't support password-less login, the browser should display an error message and the registration need to be re-started without the password-less login option.
  6. If the registration is successful the dialog should switch to reflect the fact that the account is now WebAuthn-enabled. Take out the key and enter the serial number into the Serial # field (optional). Save!

Unassign a security key

Click on the Remove in the WebAuthn tab in the Edit user dialog. Save!

Notes!

  1. It is possible to assign the same security key to more than one user account. This might be practical for persons that have one regular account for daily usage and one account for administrative needs.
  2. The administrator may allow other authentication methods.
Last modified 2 years ago Last modified on Aug 15, 2022, 8:56:23 AM

Attachments (5)

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.