Configuring a FIDO Universal 2nd Factor authentication mechanism

The FIDO Universal 2nd Factor authentication mechanism prompts the user, during the authentication flow, to sign a random challenge string with their registered FIDO Universal 2nd Factor token.

Before you begin

The user must register a compatible FIDO Universal 2nd Factor token.

About this task

Configure the FIDO Universal 2nd Factor mechanism and its properties, which determine how the mechanism operates.

Procedure

  1. Log in to the local management interface.
  2. Click Secure Access Control.
  3. Under Policy, click Authentication.
  4. Click Mechanisms.
  5. Click FIDO Universal 2nd Factor.
  6. Click Modify.
  7. Click the Properties tab.
    1. Select a property that you want to configure.
    2. Click Modify.
    3. Enter the value for that property.
    4. Click OK.
  8. Take note of the properties for the mechanism.
    Application ID

    The protocol, hostname, and port that the user will use to attempt authentication.

    Default value: https://webseal.com

    Valid values: String, valid URL

    Attestation Type

    The type of certificate attestation validation to perform. Specify None to skip certificate attestation validation. Specify Keystore to validate the attestation certificate against the keystore configured in attestationSource. Specify JWKS to validate the attestation certificate against the JSON Web Key Set configured in attestationSource.

    Default value: None

    Valid values: None, Keystore, JWKS

    Attestation Source

    The keystore or key set to use for certificate attestation validation. Either the name of the keystore on the appliance, or the URL for a JSON Web Key Set.

    Default value: No default value

    Valid values: String

    Attestation Enforcement

    The level of enforcement of certificate attestation validation. When you specify Required, certificate attestation validation is mandatory, and requests that fail validation return a validation error. When you specify Optional, certificate attestation validation is still performed, but requests that fail validation do not return an error.

    Default value: Required

    Valid values: Required, Optional

  9. Click Save.
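The following Go program is an added illustration, not part of this documentation and not the appliance's own code. It shows what a relying party checks when it verifies the signed challenge described above: the client data's challenge and origin (the origin must equal the configured Application ID, protocol, hostname and port included), the user-presence flag, a strictly increasing counter, and the ECDSA P-256 signature over SHA-256(appId) || userPresence || counter || SHA-256(clientData). A small CheckAttestation helper models the Required/Optional behaviour of the Attestation Enforcement property; the keystore and JWKS lookups themselves are not modelled, and neither are U2F facet lists (origin is compared to the Application ID by exact match, a simplification). The token is simulated by a generated key pair, and the challenge and client data values are constructed for the example; the default Application ID is the one the page lists.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// AppID is the configured Application ID (the page's default value). The token
// signs SHA-256 of this string, so the origin the browser reports must equal it.
const AppID = "https://webseal.com"

// AttestationEnforcement mirrors the mechanism property of the same name.
type AttestationEnforcement string

const Required, Optional AttestationEnforcement = "Required", "Optional"

// CheckAttestation applies the enforcement level to the outcome of validating the
// token's attestation certificate against the configured Attestation Source.
func CheckAttestation(level AttestationEnforcement, validationOK bool) error {
	if !validationOK && level == Required {
		return errors.New("certificate attestation validation failed")
	}
	return nil // Optional: the failure is tolerated and the request proceeds
}

// clientData is the JSON the browser hands to the token for getAssertion.
type clientData struct {
	Typ       string `json:"typ"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// signatureBase rebuilds the bytes a U2F token signs during authentication:
// SHA-256(appId) || userPresence || counter (4 bytes, big-endian) || SHA-256(clientData).
func signatureBase(appID string, userPresence byte, counter uint32, clientDataJSON []byte) []byte {
	appHash := sha256.Sum256([]byte(appID))
	cdHash := sha256.Sum256(clientDataJSON)
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	base := append(appHash[:], userPresence)
	base = append(base, ctr[:]...)
	return append(base, cdHash[:]...)
}

// VerifyAuthentication validates a token response against the public key registered
// for the user. signatureData is the raw token output: userPresence (1 byte) ||
// counter (4 bytes) || DER ECDSA signature. The new counter is returned for storage.
func VerifyAuthentication(pub *ecdsa.PublicKey, appID, expectedChallenge string,
	clientDataJSON, signatureData []byte, lastCounter uint32) (uint32, error) {
	var cd clientData
	if err := json.Unmarshal(clientDataJSON, &cd); err != nil {
		return 0, fmt.Errorf("client data: %w", err)
	}
	switch {
	case cd.Typ != "navigator.id.getAssertion":
		return 0, errors.New("unexpected client data type")
	case cd.Challenge != expectedChallenge:
		return 0, errors.New("challenge mismatch")
	case cd.Origin != appID: // protocol, hostname and port must all match
		return 0, errors.New("origin does not match the Application ID")
	case len(signatureData) < 5:
		return 0, errors.New("signature data too short")
	}
	userPresence, counter, sig := signatureData[0], binary.BigEndian.Uint32(signatureData[1:5]), signatureData[5:]
	digest := sha256.Sum256(signatureBase(appID, userPresence, counter, clientDataJSON))
	switch {
	case userPresence&0x01 == 0:
		return 0, errors.New("user presence not asserted")
	case counter <= lastCounter: // no increase means a replayed response or a cloned token
		return 0, errors.New("counter did not increase")
	case !ecdsa.VerifyASN1(pub, digest[:], sig):
		return 0, errors.New("invalid signature")
	}
	return counter, nil
}

// NewTokenKey generates the P-256 key pair a token would create at registration.
func NewTokenKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// simulateToken stands in for a registered token (constructed for this example):
// it returns the signatureData a real token would produce for the given counter.
func simulateToken(priv *ecdsa.PrivateKey, appID string, counter uint32, clientDataJSON []byte) ([]byte, error) {
	digest := sha256.Sum256(signatureBase(appID, 0x01, counter, clientDataJSON))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	out := []byte{0x01, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(out[1:], counter)
	return append(out, sig...), nil
}

func main() {
	priv, _ := NewTokenKey()
	const challenge = "constructed-random-challenge"
	cd, _ := json.Marshal(clientData{Typ: "navigator.id.getAssertion", Challenge: challenge, Origin: AppID})
	sigData, _ := simulateToken(priv, AppID, 7, cd)
	ctr, err := VerifyAuthentication(&priv.PublicKey, AppID, challenge, cd, sigData, 3)
	fmt.Println("counter:", ctr, "error:", err)
	_, err = VerifyAuthentication(&priv.PublicKey, AppID, challenge, cd, sigData, ctr)
	fmt.Println("same response replayed, error:", err)
}
```

Persisting the returned counter per registered token is what makes the replay check in the second call fail; a deployment that stores only the public key loses that detection.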

What to do next

After you configure the mechanism, a message indicates that the changes are not yet deployed. Deploy them; see Deploying pending changes.