WebAuthn​ (Web Authentication), part of the FIDO2 Project, is a web standard published by the W3C that enables strong authentication with public-key cryptography, passwordless authentication, and secure two-factor authentication. The standard defines a JavaScript API which allows token registration and subsequent authentication. The API is implemented in current versions of all major browsers (​ Edge 18+, Firefox 60+, Chrome 67+, Safari 13+, Opera 54+​ ) and is also backwards-compatible with (legacy) U2F tokens.

This activity implements or extends this API into existing open source community products

The goal of this activity is to contribute to the SimpleSAMLphp Webauthn module as well as to develop a new custom module for SATOSA to support 2FA using the WebAuthn API. Resulted modules would be integrated and tested in eduTEAMS (SATOSA) and ELIXIR AAI (SimpleSAMLphp).

Authentication proxies translate between authentication protocols such as SAML2, OIDC, and OAuth2. A proxy receives authentication requests from SPs or RPs and relays them onto IdPs or OPs. If a service requires two-factor authentication, for example, using the REFEDS assurance framework, and the identity provider does not support it, the proxy may perform the second-factor authentication. Two significant open-source examples are SimpleSAMLphp which can serve as an authentication proxy and Python-based​ SATOSA which was explicitly developed as a proxy.

WebAuthn can be used for passwordless authentication or for second-factor authentication to increase users‘ security. As of October 2019, a​ module for SimpleSAMLphp​ is being developed to bring WebAuthn support.

The modules will be submitted to the upstream repositories and later managed by the corresponding communities.