NOTE: The web application to be used by WebAuthn, must apply the HTTPS secure communications protocol (see Using HTTPS).
To configure WebAuthn in web applications
-
Start the Web Designer program.
-
Connect to the relevant database.
-
In the menu bar, click View > Start page.
-
In the toolbar, click Select web application and select the web application you want to use.
-
Click Edit web application settings.
- In the Edit web application settings dialog, in the Authentication module menu, click OAuth 2.0/OpenID Connect.
- In the OAuth pane, in the OAuth 2.0/OpenID Connect configuration menu, click the appropriate identity provider.
- Click OK.
-
In the menu bar, click Edit > Configure project > Web project.
-
In the Configure project view, configure the following configuration keys:
-
VI_Common_RequiresAccessControl: Set this parameter to enable two-factor authentication.
-
VI_Common_AccessControl_WebAuthn_2FA: Specify whether you want to enable WebAuthn two-factor authentication for the web application.
You can configure WebAuthn two-factor authentication and security key management separately. If, for example, you want to only enable management of security keys but not of two-factor authentication with the help of security keys in the web application, do not set this configuration key and set the VI_Common_AccessControl_WebAuthn_2FA_VisibleControls configuration key described below.
-
VI_Common_AccessControl_WebAuthn_2FA_VisibleControls: Specify whether users can manage security keys in the web application.
-
VI_Employee_QERWebAuthnKey_Filter: Specify, which employees can manage security keys in the web application. If you do not enter anything here, all web application users manage the security keys (assuming the VI_Common_AccessControl_WebAuthn_2FA_VisibleControls configuration key is set).
-
VI_Common_AccessControl_WebAuthn_2FAID: Enter a unique identifier for the secondary authentication provider for WebAuthn two-factor authentication. You will find this identifier in your RSTS configuration.
-
In your Internet browser, call the URL of the RSTS administration interface: https://<Webanwendung>/RSTS/admin.
-
On the main page, click Authentication Providers.
-
On the Authentication Providers page, click the appropriate entry.
-
On the Edit page, switch to the Two Factor Authentication tab.
-
Take the ID from the Provider ID field.
-
-