Red Hat Summit第17章 Enabling passkey authentication in IdM environment
The Fast IDentity Online 2 (FIDO2) standard is based on public key cryptography and adds the option of a passwordless flow with PIN or biometrics. The passkey authentication in the IdM environment uses FIDO2 compatible devices supported by the libfido2 library.
The passkey authentication method provides an additional security layer to comply with regulatory standards by including passwordless and multi-factor authentication (MFA) that require a PIN or a fingerprint. It uses a combination of special hardware and software, such as passkey device and passkey enablement in an Identity Management (IdM) environment, to strengthen the security in the environment where data protection plays a key role.
If your system is connected to a network with the IdM environment, the passkey authentication method issues a Kerberos ticket automatically, which enables single sign-on (SSO) for an IdM user.
You can use passkey to authenticate through the graphical interface to your operating system. If your system allows you to authenticate with passkey and password, you can skip passkey authentication and authenticate with the password by pressing Space on your keyboard followed by the Enter key. If you use GNOME Desktop Manager (GDM), you can press Enter to bypass the passkey authentication.
Note that, currently, the passkey authentication in the IdM environment does not support FIDO2 attestation mechanism, which allows for the identification of the particular passkey device.
The following procedures provide instructions on managing and configuring passkey authentication in an IdM environment.
17.1. Prerequisites
- You have a passkey device.
Install the
fido2-toolspackage:# dnf install fido2-toolsSet the PIN for the passkey device:
- Connect the passkey device to the USB port.
List the connected passkey devices:
# fido2-token -LSet the PIN for your passkey device by following the command prompts.
# fido2-token -C passkey_device
-
You have installed the
sssd-passkeypackage.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}