Used when acting as an IDP and using FIDO2 token as the authentication method. Authentication is done by using a user name and a  pre-enrolled FIDO token.


Name Description Default value Mandatory
idpID The internal identifier of the idp used N/A Yes
pipeID Id of the pipe used to issue the SAML assertion N/A Yes
samlAuthMethod What value is set in the AuthnContextClassRef urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient No
loginTemplate UI template used for rendering enduser UI fido2.template No
userNameParamName Parameter where password resides in the incoming request username Yes
strictValidation Whether or not additional validation checks should be made on the SAMLRequest. false No

Example Configuration

    "alias": "fidoauth",
    "name": "FidoAuthenticatorSAML",
    "configuration": {
        "idpID": "idp",


User must have at least one FIDO token enrolled.