FIDO

Overview

FIDO stands for Fast IDentity Online. Detailed information about it can be found on the website of the FIDO Alliance. Onegini supports FIDO UAF through a third-party product. Please note that FIDO support in the Onegini MSP is not included in the standard license; it is licensed separately.

The Onegini SDK can discover FIDO authenticators that were supplied with your application or were preinstalled on a user's device by the vendor. To use FIDO authentication in your app, you must first configure your Token Server. After that, follow the Token Server documentation to configure FIDO authenticators for your application.

When FIDO authentication is enabled, the Onegini SDK performs a "discovery" operation to find all available authenticators. Some authenticators can be preinstalled on the device (for example, FIDO-compliant fingerprint authenticators are preinstalled on new Samsung devices). Other authenticators, such as "Samsung's Face and Voice" authenticator or "Eyeverify", can be added as a dependency to your application (follow the authenticator's manual to do so). Once the authenticator has been properly added to the device/app and enabled in the client's configuration in the Token Server, the Onegini SDK is able to discover it and return it from methods such as UserClient#getAllAuthenticators(), UserClient#getNotRegisteredAuthenticators() etc.

FIDO authenticator

All FIDO authenticators discovered by the SDK will be mapped to the OneginiAuthenticator model in the following way:

  • getType() will always return the same type (OneginiAuthenticator.FIDO)
  • getId() will return the aaid from the FIDO Authenticator Metadata Statement
  • getName() will return the name that was given to the authenticator in the FIDO configuration in the Token Server
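
Because getId() carries the AAID, an app can apply its own AAID allowlist to the discovered authenticators before offering them for registration. The following is an added example, not Onegini SDK code: the Authenticator interface is a hypothetical stand-in that mirrors only the three getters listed above, and the type constants and AAID values are constructed.

```java
import java.util.*;
import java.util.regex.Pattern;

public class FidoAuthenticatorFilter {
    // Hypothetical stand-in for the SDK model: only the three getters described above.
    interface Authenticator {
        int getType();
        String getId();
        String getName();
    }
    static final int PIN = 0, FIDO = 3; // constructed values, not the SDK's constants

    // A UAF AAID is "V#M": 4 hex digits vendor code, '#', 4 hex digits model code.
    private static final Pattern AAID = Pattern.compile("^[0-9A-Fa-f]{4}#[0-9A-Fa-f]{4}$");

    /** Returns the FIDO authenticators whose AAID is well formed and on the allowlist. */
    static List<Authenticator> selectAllowed(Collection<Authenticator> discovered,
                                             Set<String> allowedAaids) {
        // AAID hex digits are case-insensitive, so normalise both sides before comparing.
        Set<String> allowed = new HashSet<>();
        for (String a : allowedAaids) allowed.add(a.toUpperCase(Locale.ROOT));
        List<Authenticator> result = new ArrayList<>();
        for (Authenticator a : discovered) {
            if (a.getType() != FIDO) continue;               // skip PIN, fingerprint, ...
            String id = a.getId();
            if (id == null || !AAID.matcher(id).matches()) continue; // reject malformed ids
            if (allowed.contains(id.toUpperCase(Locale.ROOT))) result.add(a);
        }
        return result;
    }

    static Authenticator of(int type, String id, String name) {
        return new Authenticator() {
            public int getType() { return type; }
            public String getId() { return id; }
            public String getName() { return name; }
        };
    }

    public static void main(String[] args) {
        // Constructed sample of what a discovery call might return.
        List<Authenticator> discovered = Arrays.asList(
            of(PIN, "pin", "PIN"),
            of(FIDO, "abcd#0001", "Fingerprint"),
            of(FIDO, "ABCD#0002", "Face"),
            of(FIDO, "not-an-aaid", "Broken"));
        Set<String> allowlist = new HashSet<>(Arrays.asList("ABCD#0001"));
        for (Authenticator a : selectAllowed(discovered, allowlist))
            System.out.println(a.getName() + " " + a.getId());
    }
}
```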

Authentication

All discovered FIDO authenticators can be used in the same way as PIN and FINGERPRINT authenticators. They can be registered, deregistered or set as the preferred authenticator using the corresponding Onegini SDK methods. For details, see the OneginiAuthenticator reference guide.