wiki:net.sf.basedb.webauthn/using

Version 3 (modified by Nicklas Nordborg, 4 months ago) (diff)

--

How to use the WebAuthn authentication extension

Logging in

Before it is possible to login with a WebAuthn Security Key the server administrator need to register the key and connect it to the user account. It is not possible for users to register the key by themselves.

  1. Start by entering the Login and Password information in the form.
  2. Press ENTER or click on the Login button.
  3. The browser should ask you to insert the security into an USB port (unless it is already inserted).
  4. Press the button on the security key (do not click on the Cancel button).
  5. You should now be logged in.
Note!
The exact prompts and dialogs that the browser displays vary by the browser and operating system you are using. Below are some examples:

Newer Firefox, Chrome and Edge 101 on Windows 10

Step 3: Prompting you for inserting a key Step 4: Prompting you for touching the key
Insert key Touch key

Older Firefox

Step 3 and 4: Prompting you for inserting and touching the key
Older Firefox

Assigning security keys to users

  1. To assign a WebAuthn security to a user, the BASE administrator should locate that user in the Administrate->Users list and open the edit dialog.
  2. Switch to the WebAuthn tab. This should state that no security key is enabled for the account.
  3. Insert the security key into an USB port and click on the Register button.
  4. Press the button on the security for verification.
  5. If the registration is successful the dialog should switch to reflect the fact that the account is now WebAuthn-enabled. Take out the key and enter the serial number into the Serial # field (optional). Save!

Unassign a security key

Click on the Remove in the WebAuthn tab in the Edit user dialog. Save!

Notes!

  1. It is possible to assign the same security key to more than one user account. This might be practical for persons that have one regular account for daily usage and one account for administrative needs.
  2. The administrator may allow other authentication methods.

Attachments (5)

Download all attachments as: .zip