FIDO2 for IoT – A hobby project

In our work at IBM building FIDO2 services for both on-premise (IBM Security Access Manager) and cloud (IBM Cloud Identity) offerings, we have been looking at scenarios for using FIDO2 authentication technology beyond the mainstream use case of browser-based authentication with WebAuthn. One scenario we decided to experiment with is FIDO2 for IoT devices – […]

Continue reading

The fido2viewer – a free FIDO2 debugging utility

Those of you who have been reading my recent series of blog posts will realize that I’ve been spending a great deal of time working on FIDO2 and WebAuthn related technologies. As part of this effort which has been in progress on and off for more than 12 months now, I put together a debugging […]

Continue reading

ISAM FIDO2 – Using the FIDO2 server endpoints

This article is the fourth in a technical series on configuring and using FIDO2 capabilities in ISAM 9.0.7. If you haven’t already done so, please work through these previous articles as the information and system that is prepared as part of them will be assumed knowledge when reading this one… Part 1 – FIDO2 in […]

Continue reading

ISAM FIDO2 – Metadata and registration policy enforcement

This article is the third in a technical series on configuring and using FIDO2 capabilities in ISAM 9.0.7. If you haven’t already done so, please read and complete the exercises in my first and second FIDO2 technical articles as here I’ll be picking up where the second article left off. What authenticator is that? Let’s take […]

Continue reading

ISAM FIDO2 – Usernameless login and Mediators

This article is the second in a technical series on configuring and using FIDO2 capabilities in ISAM 9.0.7. If you haven’t already done so, please read and complete the exercises in my first FIDO2 technical article as here I’ll be picking up where that one left off. Configuring a credential viewer Anyone working with ISAM […]

Continue reading

FIDO2 in less than 15 minutes with ISAM 9.0.7

In this article I’m going to show you how to configure FIDO2 on ISAM and get simple WebAuthn registration and authentication flows working. The pre-requisite is that you have an ISAM 9.0.7 system with a web reverse proxy and advanced access control configured and working. From there our 15 minute goal to getting FIDO2/WebAuthn running […]

Continue reading

ISAM 9.0.7 brings commercial FIDO2 service and more

This week I am excited to share that IBM has just released the latest version of IBM Security Access Manager (version 9.0.7.0). As usual, the best place to find out what’s new, is the What’s new in this release page, however two things stand out as significant new features: FIDO2 and WebAuthn authentication services API-friendly […]

Continue reading

FIDO2 Conformance – why it’s a big deal

I was fortunate to recently find myself amongst the first round of server vendor participants to take a product through FIDO2 certification, and that’s what today’s article is really all about. IBM’s authentication platforms, which include both on-premise (ISAM) and cloud-based (IBM Cloud Identity) offerings, are the perfect vehicle to bring this new era of […]

Continue reading

Branching Authentication Policy in ISAM Advanced Access Control

ISAM’s advanced access control authentication policies and mechanisms provide a very flexible way to manage the user authentication experience. There are a large number of out-of-the box authentication mechanisms such as delivered OTP (sms/email), TOTP, HOTP, IBM Verify (mobile push), knowledge questions, FIDO U2F and more. Additionally you can roll-your-own with the javascript+html based InfoMap […]

Continue reading