
The fido2viewer – a free FIDO2 debugging utility


Those of you who have been reading my recent series of blog posts will realize that I’ve been spending a great deal of time working on FIDO2 and WebAuthn related technologies. As part of this effort, which has been in progress on and off for more than 12 months now, I put together a debugging utility that unpacks the common WebAuthn data structures that are passed between the browser and a WebAuthn relying party – such as ISAM, which I’ve blogged about in my last few articles.

As a give-back to the general FIDO2 and WebAuthn development community, I have released this debugging utility as open source. It is available on GitHub here:

https://github.com/sbweeden/fido2viewer

The readme contained in the repository goes over all the basic usage of the tool. The tool runs entirely in client-side JavaScript, so no, I won’t be capturing any of your message data! It contains a couple of embedded test payloads that I’ve captured from interactions with IBM’s access management demonstration site (https://verify.securitypoc.com); however, I know that these same payload formats are in common use with other WebAuthn relying parties as well.

So, who would use this tool, and why?

The primary target audience is other developers and educators working on FIDO-enabled systems (both IBM’ers and in general), our support team, and interested customers and business partners that really want to understand a little more about the detailed contents of message payloads that are generated (via the browser) on FIDO authenticators and are then sent to relying parties for either registration (attestation) or login (assertion) processing and validation.

When used in conjunction with the WebAuthn specification, and other Introduction to Web Authentication sites and articles, I hope the fido2viewer debugging utility will allow interested persons to quickly and easily understand what the underlying data elements of FIDO messages actually look like, and aid in debugging issues with FIDO-enabled systems. It has certainly been of help to me as we at IBM have been building out our own relying party systems!
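As an added illustration of the kind of structure such a viewer unpacks (this is not code from fido2viewer or from this post), the following Node.js code decodes the fixed-layout fields of a WebAuthn `authenticatorData` buffer as laid out in the WebAuthn specification. The function names and the sample bytes are constructed for this example.

```javascript
// Added example, not fido2viewer code. authenticatorData layout (WebAuthn spec):
//   rpIdHash(32) | flags(1) | signCount(4, big-endian)
//   if AT flag set: aaguid(16) | credIdLen(2) | credentialId | COSE public key (CBOR)
function b64urlToBytes(s) {
  // WebAuthn JSON payloads carry binary fields as unpadded base64url.
  return Uint8Array.from(Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64'));
}

const hex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

function parseAuthenticatorData(bytes) {
  if (bytes.length < 37) throw new Error('authenticatorData shorter than 37 bytes');
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = bytes[32];
  const out = {
    rpIdHash: hex(bytes.subarray(0, 32)), // SHA-256 of the RP ID
    flags: {
      userPresent: !!(flags & 0x01),            // UP
      userVerified: !!(flags & 0x04),           // UV
      attestedCredentialData: !!(flags & 0x40), // AT
      extensionData: !!(flags & 0x80),          // ED
    },
    signCount: view.getUint32(33), // DataView reads big-endian by default
  };
  if (out.flags.attestedCredentialData) {
    if (bytes.length < 55) throw new Error('AT flag set but attested credential data truncated');
    const idLen = view.getUint16(53);
    if (bytes.length < 55 + idLen) throw new Error('credentialId length exceeds buffer');
    out.aaguid = hex(bytes.subarray(37, 53));
    out.credentialId = hex(bytes.subarray(55, 55 + idLen));
    out.coseKeyOffset = 55 + idLen; // CBOR-encoded public key starts here (not decoded)
  }
  return out;
}

// Constructed sample (not a captured payload): placeholder rpIdHash of 0x11 bytes,
// flags UP|UV|AT = 0x45, signCount 7, all-zero AAGUID, 4-byte credential ID.
// The COSE public key that would follow in a real registration is omitted.
function sampleAuthData() {
  const b = new Uint8Array(59);
  b.fill(0x11, 0, 32);
  b[32] = 0x45;
  b[36] = 7;  // low byte of the 4-byte signCount
  b[54] = 4;  // low byte of the 2-byte credIdLen
  b.set([0xde, 0xad, 0xbe, 0xef], 55);
  return b;
}

console.log(parseAuthenticatorData(sampleAuthData()));
```

The length checks matter when debugging: a buffer that sets the AT flag but is too short for the declared credential ID length is rejected rather than read past its end.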
