java-webauthn-server
windows-fido-bridge
| java-webauthn-server | windows-fido-bridge | |
|---|---|---|
| 4 | 1 | |
| 429 | 114 | |
| 1.4% | - | |
| 8.5 | 0.0 | |
| about 1 month ago | over 1 year ago | |
| Scala | C++ | |
| GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
java-webauthn-server
-
A Passwordless Future! Passkeys for Java Developers
java-webauthn-server: A library from Yubico that supports many attestation format. But it is not 100% FIDO2 conformant.
-
Is there any way to allow login with a Yubikey across multiple domain names (explanation inside)
I have some example code here: https://github.com/Yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/webapp/index.html
- What's the state of WebAuthn for Java? Has anyone had to implement WebAuthn for one of their projects?
-
Software and drivers
If you need them to use one of a set of trusted authenticator models, then you need attestation. Your authentication servers will need to compile a set of acceptable attestation root certificates, and require that all enrolled credentials have a valid attestation statement that correctly chains to one of those trusted root certificates. Yubico provides libraries to help with this for Python and Java You can provide the devices or let users self-source one on the list of acceptable models. Your webapp will also need to guide users to use the correct authenticator if they attempt to use an untrusted one. Note that this will only let you verify an authenticator model, not individual YubiKeys (i.e., not on serial number level).
windows-fido-bridge
-
Tell HN: GitHub no longer supporting unauthenticated `git://`
> Because AFAIK, (Fido) yubikey support is still missing.
Correct, hopefully Microsoft will provide an updated SSH client soon. It only requires recompiling OpenSSH with the correct flags.
Alternatively, use these build instruction for openssh with FIDO for windows:
https://gist.github.com/martelletto/6a7cf806c6433ac9ce71d66a...
> Using either the PKCS#11 support or the gpg applet requires some extra piece of software
For those wanting to do that, here are some ways:
Using a premade dll:
https://github-wiki-see.page/m/mooltipass/minible/wiki/Setti...
Or with a middleware:
https://github.com/mgbowen/windows-fido-bridge
Using the Hello API:
https://github.com/tavrez/openssh-sk-winhello
Given how many people came with their own ways, I believe there's enough demand for Microsoft to fix that.
What are some alternatives?
webauthn4j - A portable Java library for WebAuthn(Passkeys) server side verification
wsl2-ssh-pageant - bridge between windows pageant and wsl2
webauthn4j-spring-security - WebAuthn4J Extension for Spring Security
Win32-OpenSSH - Win32 port of OpenSSH
webauthn-json - 🔏 A small WebAuthn API wrapper that translates to/from pure JSON using base64url.
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
akka-http-session - Web & mobile client-side akka-http sessions, with optional JWT support
WSL-Context-Menu-Manager - Manages the context menu for your Linux tools in WSL/WSL2 for Windows.
WSL-DistroLauncher - Sample/reference launcher app for WSL distro Microsoft Store packages.
git-credential-manager - Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.
LFTP4WIN - lftp for Windows - Windows task scheduler automation with push notifications via WinSCP custom commands.