PhenixID Fido2 Enrollment

Start guide

The PhenixID Fido2 Enrollment portal allows users to activate themselves for strong authentication with Fido2. The activation portal reduces user interaction to an absolute minimum.

In this guide you will configure:

  • Fido2 enrollment portal

Start the guide by clicking the '+' sign next to Fido enrollment.

Guide steps

You navigate the guide using the previous and next buttons at the bottom of the page. You can also choose to cancel the guide at any time (information entered will be lost).

Application settings

Set a name for the enrollment portal and optionally a description.

Then select an HTTP connection. Fido2 only works over HTTPS, so only secure connections will be available in the select menu. Fido2 also requires a hostname; it will not work when navigating directly to an IP address (localhost will work, 127.0.0.1 will not work).

Select a keystore to sign messages. This is used for SAML 2 authentication into the portal.

Then choose the URI for the application. The HTTP connection plus this URI will be the URL to access the portal.

Also select an IdP to use when logging in to the portal.
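
The rules above for the connection and the URI can be checked before the values are entered in the guide. The following is an added example, not PhenixID code: the function checkPortalSettings, its parameter names and the hostname idp.example.test are assumptions made for illustration.

```javascript
// Added example: pre-flight check of the values entered under "Application settings".
// checkPortalSettings and its parameters are hypothetical, not PhenixID identifiers.
function checkPortalSettings(connectionBase, uri, urisInUse = []) {
  const problems = [];

  // URI rules: must start with '/' and must not be used by another application.
  if (!uri.startsWith('/')) problems.push("URI must start with '/'");
  if (urisInUse.includes(uri)) problems.push('URI is already used by another application');

  let base;
  try {
    base = new URL(connectionBase);
  } catch {
    return { url: null, problems: [...problems, 'HTTP connection is not a valid URL'] };
  }

  // Fido2 is only offered on HTTPS connections.
  if (base.protocol !== 'https:') problems.push('connection must use https');

  // The URL parser canonicalises IPv4 hosts to dotted decimal and keeps IPv6
  // literals in brackets, so these two tests cover both kinds of IP host.
  const host = base.hostname;
  const isIp = host.startsWith('[') || /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  if (isIp) problems.push('host is an IP address; Fido2 needs a hostname');

  // The portal URL is the HTTP connection plus the URI.
  const url = problems.length === 0 ? base.origin + uri : null;
  return { url, problems };
}

// Constructed sample values.
console.log(checkPortalSettings('https://idp.example.test:8443', '/activatefido'));
console.log(checkPortalSettings('https://127.0.0.1:8443', '/activatefido'));
```
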

Summary

Click Create to complete the scenario.

The activation portal can now be found at the URI displayed below.

Example:
https://dnsnameofPhenixIDServer:8443/activatefido

Enrollment portal

Log in to the portal through the identity provider selected in the guide.

When logged in, enrollment can be made for Fido2.

Edit guide configuration

You can edit and delete your Fido2 enrollment configuration by selecting it in the left-hand menu.

When you click save, the configuration will be updated and the server will instantly restart affected components to apply your changes.

Delete removes all configuration created by the guide but not shared components (i.e. components that could be used by other configurations, like connections).

General

General application settings.

  • Name: Logical name of application (displayed in left side menu).
  • Description: Application description.
  • Http configuration: HTTP connection to use to access the application.
  • URI: The HTTP context (path) to the application. Must be unique in the current configuration (i.e. not in use by another application) and start with a '/'.
  • Saml sp acs url: The SAML service provider URL for the application.
  • View saml sp meta: A link to view the metadata for the SAML service provider for the application.
  • Created: Timestamp when the configuration was created.
  • Scenario id: Internal identification.

Authentication methods

Under authentication methods settings it is possible to add more authentication methods to the application.