- One of the following Linux distributions. The installation script is untested on other flavors of Linux but may work with slight modifications.
  - RedHat/CentOS/Oracle 7
  - Ubuntu 18.04
  - Debian 9
  - Amazon Linux 2
- A virtual machine (VM) with a minimum of 10GB space and 4GB memory assigned to it. Some default VMs do not allocate sufficient space and memory, so please verify before getting started.
- A public fully qualified domain name (FQDN). It is very important to have a hostname that is at least top-level domain (TLD)+1 (e.g., acme.com, example.org); otherwise FIDO2 functionality may not work.
- The installation script installs Payara running HTTPS on port 8181, so make sure all firewall rules allow that port to be accessed.
- SKFS must be installed before the sample service provider web application and sample WebAuthn Java client.
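
A pre-flight check for the prerequisites above, written as an added example (it is not part of the StrongKey distribution). The 4GB, 10GB and TLD+1 requirements come from the list above; the function names, the 10% tolerance on the memory and disk figures, and the choice of /usr/local as the filesystem to measure are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the SKFS prerequisites (not StrongKey code).

# is_tld_plus_one NAME: succeed if NAME is at least TLD+1 (acme.com, fido.example.org).
is_tld_plus_one() {
    case "$1" in
        ''|localhost|localhost.*|.*|*.|*..*) return 1 ;;  # empty, localhost, stray dots
        *[!A-Za-z0-9.-]*) return 1 ;;                     # not hostname characters
        *.*) ;;                                           # at least two labels
        *) return 1 ;;                                    # bare machine name
    esac
    case "${1##*.}" in
        *[!0-9]*) return 0 ;;   # last label contains a non-digit: a domain name
        *) return 1 ;;          # all-numeric last label: an IP literal, not an FQDN
    esac
}

# meets GB KB: succeed if KB is at least 90% of GB gigabytes. The 10% slack is an
# assumption: MemTotal and filesystem size read a little below what the VM was assigned.
meets() { [ "$2" -ge $(( $1 * 1024 * 1024 * 9 / 10 )) ] 2>/dev/null; }

# mem_total_kb [FILE]: MemTotal in KB from a meminfo-format file.
mem_total_kb() { awk '$1 == "MemTotal:" { print $2 }' "${1:-/proc/meminfo}"; }

# fs_size_kb PATH: size in KB of the filesystem holding PATH (-P keeps one line per fs).
fs_size_kb() { df -Pk "$1" | awk 'NR == 2 { print $2 }'; }

# preflight [NAME]: run every check; the return status is the number of failures.
preflight() {
    name=${1:-$(hostname)}; fails=0
    is_tld_plus_one "$name" ||
        { echo "FAIL: hostname '$name' is not TLD+1"; fails=$((fails + 1)); }
    meets 4 "$(mem_total_kb)" ||
        { echo "FAIL: less than 4GB memory"; fails=$((fails + 1)); }
    # /usr/local is assumed to be where /usr/local/strongkey will be created.
    meets 10 "$(fs_size_kb /usr/local)" ||
        { echo "FAIL: less than 10GB disk"; fails=$((fails + 1)); }
    getent hosts "$name" >/dev/null 2>&1 ||
        echo "WARN: '$name' does not resolve; see the /etc/hosts step"
    echo "$fails prerequisite check(s) failed"
    return "$fails"
}

# Run only when asked for: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then preflight; fi
```
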
NOTE: If the install fails for any reason, follow the instructions for Removal, below, and restart from the beginning.
- Open a terminal and change directory to the target download folder.
- Install wget if it has not been already.
  ```
  shell> sudo yum install wget
  ```
  or
  ```
  shell> sudo apt install wget
  ```
- Download the binary distribution file fido2server-v4.4.1-dist.tgz.
  ```
  shell> wget https://github.com/StrongKey/fido2/raw/master/fido2server-v4.4.1-dist.tgz
  ```
- Extract the downloaded file to the current directory:
  ```
  shell> tar xvzf fido2server-v4.4.1-dist.tgz
  ```
- Be sure the machine's FQDN is set as its hostname. This is necessary to properly configure the self-signed certificate for the API. Verify using the following command:
  ```
  shell> hostname
  ```
  If only the machine name is returned, and not the public FQDN, run the following command:
  ```
  shell> sudo hostnamectl set-hostname <SERVER PUBLIC FQDN>
  ```
  If no DNS is configured for this machine, please run the following command to add an entry to the /etc/hosts file. DO NOT run this if the machine does not have a configured FQDN and is still running as localhost.
  ```
  shell> echo `hostname -I | awk '{print $1}'` $(hostname) | sudo tee -a /etc/hosts
  ```
- Execute the install-skfs.sh script as follows:

  NOTE: If you are installing on an Ubuntu VM, please make sure you are using bash as your default. If the default is set to sh, please execute `sudo dpkg-reconfigure dash` to change the default to bash before continuing.
  ```
  shell> sudo ./install-skfs.sh
  ```
  The installation script will create a strongkey user account with the home directory of /usr/local/strongkey. All software required for SKFS will be deployed to the /usr/local/strongkey directory and be run by the strongkey user. The default password for the strongkey user is ShaZam123.
- Using the following command, confirm SKFS is running. The API Web Application Description Language (WADL) file comes back in response. The -k option makes curl skip certificate verification, which is needed here because the API is configured with a self-signed certificate.
  ```
  shell> curl -k https://localhost:8181/skfs/rest/application.wadl
  ```
- To test this installation of SKFS, check out the Basic Java Sample application or a Java proof of concept (PoC) application which also involves user registration using emails.

NOTE: Both the signing and secret keys in the keystore use default values and should be changed after installation is completed. The keystore and the TrustStore are located in /usr/local/strongkey/skfs/keystores. (The default password for the files is Abcd1234!) Run the following command from /usr/local/strongkey/keymanager to see the usage and syntax for the keymanager tool, then change them both:
```
shell> java -jar keymanager.jar
```
To uninstall StrongKey FIDO Server, run the following command from the folder where the distribution was extracted:
```
shell> sudo ./cleanup.sh
```
This removes all StrongKey files plus the installed dependency packages. If the sample service provider web application and the StrongKey WebAuthn client are installed, they will be removed as well.