Commit 2aac2ca: docs: #2840 (#2841)
maduvena authored Nov 2, 2022
1 parent 861a065 commit 2aac2ca
Showing 1 changed file with 114 additions and 2 deletions.
116 changes: 114 additions & 2 deletions docs/admin/fido/config.md
@@ -1,7 +1,119 @@
---
tags:
- administration
- fido
- fido2

---

This page will be the landing page for the Janssen Project admin documentation
### Configuration Parameters of Janssen's FIDO2 server:
| Field named | Example | Description|
|--|--|--|
|issuer| https://my-jans-server.jans.io | URL using the https scheme with no query or fragment component. The OP asserts this as its Issuer Identifier|
|baseEndpoint| https://my-jans-server/jans-fido2/restv1 | Base URL of the FIDO2 server Endpoints |
| cleanServiceInterval | 60| Time interval for the Clean Service in seconds. |
|cleanServiceBatchChunkSize | 10000| Each clean up iteration fetches chunk of expired data per base dn and removes it from storage. |
| useLocalCache | true| Boolean value specifying whether to enable local in-memory cache for attributes, scopes, clients and organization configuration|
| disableJdkLogger |true| Boolean value specifying whether to enable JDK Loggers |
|loggingLevel | "INFO" or "TRACE" or "DEBUG" | Logging level for FIDO2 server|
|loggingLayout |"text" or "json"|Contents of logs as plain text or json format|
|externalLoggerConfiguration||Path to external log4j2 logging configuration|
|metricReporterInterval|300|The interval for metric reporter in seconds.|
|metricReporterKeepDataDays|15|The number of days to retain metric reported data in the system|
|metricReporterEnabled| true |Boolean value specifying whether to enable Metric Reporter|
| personCustomObjectClassList | ["jansCustomPerson", "jansPerson" ] |LDAP custom object class list for dynamic person enrollment.|
|fido2Configuration|See JSON contents in the below example | FIDO2 Configuration |
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert |Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert |MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc |MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices.|
|requestedCredentialTypes|["RS256","ES256"]| |
| requestedParties| [{"name":"https://my-jans-server.jans.io","domains":["my-jans-server.jans.io"]}]| Requested party name.|
|userAutoEnrollment |false|Allow to enroll users on enrollment/authentication requests.|
|unfinishedRequestExpiration| 180|Expiration time in seconds for pending enrollment/authentication requests|
|authenticationHistoryExpiration|1296000|Expiration time in seconds for approved authentication requests.|

### Configuring the FIDO2 server:
#### 1. Read Configuration parameters:

Use the following command to obtain configuration parameters:

`/opt/jans/jans-cli/config-cli.py --operation-id get-properties-fido2`

Response:
```
{
"issuer":"https://.jans.io",
"baseEndpoint":"https://my-jans-server.jans.io/jans-fido2/restv1",
"cleanServiceInterval":60,
"cleanServiceBatchChunkSize":10000,
"useLocalCache":true,
"disableJdkLogger":true,
"loggingLevel":"INFO",
"loggingLayout":"text",
"externalLoggerConfiguration":"",
"metricReporterInterval":300,
"metricReporterKeepDataDays":15,
"metricReporterEnabled":true,
"personCustomObjectClassList":[
"jansCustomPerson",
"jansPerson"
],
"fido2Configuration":{
"authenticatorCertsFolder":"/etc/jans/conf/fido2/authenticator_cert",
"mdsCertsFolder":"/etc/jans/conf/fido2/mds/cert",
"mdsTocsFolder":"/etc/jans/conf/fido2/mds/toc",
"serverMetadataFolder":"/etc/jans/conf/fido2/server_metadata",
"requestedCredentialTypes":[
"RS256",
"ES256"
],
"requestedParties":[
{
"name":"https://my-jans-server.jans.io",
"domains":[
"my-jans-server.jans.io"
]
}
],
"userAutoEnrollment":false,
"unfinishedRequestExpiration":180,
"authenticationHistoryExpiration":1296000
}
}
```


#### 2. Update configuration parameters:
Steps:
A. Create a JSON file say `/tmp/config_values.json` by editing the JSON from Point 1
B. Use the following command
`/opt/jans/jans-cli/config-cli.py --operation-id post-config-scripts --data /tmp/config_values.json`

#### 3. Change log level of FIDO2 server
Steps:
A. Create a JSON file say `/tmp/config_values.json` by editing the JSON from Point 1. Edit `loggingLevel` to `TRACE` or `DEBUG` or `INFO`
B. Use the following command
`/opt/jans/jans-cli/config-cli.py --operation-id put-properties-fido --data /tmp/config_values.json`

#### 4. Locating FIDO2 configuration in Persistence Layer

While it is not recommended that an administrator directly edits a configuration at the persistence layer, it may be useful information for a developer.

##### A. MySQL
```mermaid
erDiagram
jansAppConf {
string doc_id PK ""
string ou "jans-fido2"
string jansConfDyn "json configuration for the app"
}
```

##### B. LDAP

```mermaid
graph LR
A[ou=jans] --> V(ou=configuration)
V --> V5[ou=jans-fido2]
```
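Review bot: the three config-cli operation ids in this hunk disagree with each other: step 1 reads with `get-properties-fido2`, step 2 writes with `post-config-scripts` (a name that points at the custom-scripts endpoint rather than FIDO2 properties), and step 3 writes with `put-properties-fido`; please check each against the config-cli operation list and use one consistent get/put pair, because an administrator following step 2 as written would send the FIDO2 JSON to the wrong operation. The placeholder sentence "This page will be the landing page for the Janssen Project admin documentation" at the top no longer matches the page (it now documents FIDO2 configuration) and should be dropped or replaced with a one-line intro. In the table, `requestedCredentialTypes` has an empty Description cell, `fodler` in the `authenticatorCertsFolder` row should be `folder`, and the `baseEndpoint` example (`https://my-jans-server/jans-fido2/restv1`) lacks the `.jans.io` domain used everywhere else; the sample response's `"issuer":"https://.jans.io"` has a broken hostname and should match the table's `https://my-jans-server.jans.io`. The descriptions of `requestedParties` ("Requested party name.") and `userAutoEnrollment` deserve a sentence on their effect, namely which relying-party domains the server accepts and whether unknown users get enrolled on their first request, since those are the settings with security consequences. Finally, steps 2 and 3 are the same edit-and-put procedure and could be merged, with "set `loggingLevel` to TRACE, DEBUG or INFO" as one bullet under it.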
