Configure a FIDO Universal 2nd Factor authentication mechanism

Configure a FIDO Universal 2nd Factor authentication mechanism

The FIDO Universal 2nd Factor authentication mechanism prompts the user to sign a random challenge string with a token provided during the authentication flow.
Log in to the local management interface and go to:
AAC > Policy > Authentication > Mechanisms FIDO Universal 2nd Factor > Modify > Properties tab > property > Modify

Enter the value for that property and click OK

Property Description Default Valid values
Application ID The protocol, hostname, and port the user will use to attempt authentication. https://webseal.com String, valid URL
Attestation Type

None Do not perform validation.
Keystore Validate using keystore configured in attestationSource.
JWKS Validate using JSON Web Key Set configured in attestationSource.
None None, Keystore, JWKS
Attestation Source - Name of the keystore on the appliance
- URL for a JSON Web Key Set No default value String
Attestation Enforcement

Required Validation is required. Requests that fail validation will return a validation error.i
Optional Validation is performed Requests that fail validation will not return an error.
Required Required, Optional

What to do next
Deploy changes to the mechanism.
Parent topic: Authentication
Related information

Authentication policy parameters and credentials