From 293281c41591db3361796206ac8f618c4cafda16 Mon Sep 17 00:00:00 2001 From: Michiel Kodde Date: Mon, 8 Apr 2024 15:29:28 +0200 Subject: [PATCH] Update documentation --- docs/deployment.md | 6 ++---- docs/development.md | 29 +++++++++++++++++------------ 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/docs/deployment.md b/docs/deployment.md index e52ac3c9..49953ed4 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -14,9 +14,7 @@ Install (with build archive) ### 1. Copy and configure the configuration files -```cp .env.dist .env``` - -```cp config/packages/parameters.yml.dist config/packages/parameters.yml``` +```cp config/openconext/parameters.yml.dist config/openconext/parameters.yml``` ### 2. Create archive @@ -45,7 +43,7 @@ Install (without build archive) ```cp .env.dist .env``` -```cp config/packages/parameters.yml.dist config/packages/parameters.yml``` +```cp config/openconext/parameters.yml.dist config/openconext/parameters.yml``` ```composer dump-env prod``` diff --git a/docs/development.md b/docs/development.md index 11cecdf9..f19db526 100644 --- a/docs/development.md +++ b/docs/development.md 
@@ -24,8 +24,23 @@ If everything goes as planned you can develop inside the virtual machine ``` docker exec -it stepup-webauthn-1 bash ``` +### 2. Prepare the MetadataStatementService +We use the Fido JWS MDS Blob file to verify if Webauthn tokens are trustworthy. Here we follow the principle. If a +token is verified by Fido and has at least a level 1 score. The token is good enough for us. -### 2. Build frontend assets: +2 files need to be present in the `config/openconext/mds` folder. They are: + +```config/openconext/mds/blob.jwt``` +```config/openconext/mds/fido2-mds.cer``` + +The blob containing the registry of metadata statements can be found here: https://fidoalliance.org/metadata/ (see the Obtaining blob section) + +The Blob file is signed by the FIDO Alliance. To verify the signature we need the appropriate certificate. This certificate is not downloaded on demand, but we +also track it. This is the location the cert can be found on the fido page linked in the paragraph above. Also in the Obtaining blob section. + +The provided dist files should result in a working application. But might not work with brand-new tokens. + +### 3. Build frontend assets: ``` yarn ``` @@ -33,23 +48,13 @@ If everything goes as planned you can develop inside the virtual machine ``` ./bin/console assets:install ``` -### 3. Create configuration files +### 4. Create configuration files Copy and configure: - -```cp .env.dist .env``` ```cp config/openconext/parameters.yaml.dist config/openconext/parameters.yaml``` -### 4. Create database -``` - bin/console doctrine:migrations:migrate -``` - If everything goes as planned you can go to: [https://webauthn.dev.openconext.local](https://webauthn.dev.openconext.local) -### Development - -All frond-end logic is written in sass and typescript. You can run a watcher to update these automatically
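Review bot: In the first docs/deployment.md hunk ("Install (with build archive)") the `cp .env.dist .env` step is deleted, but the second hunk ("Install (without build archive)") keeps `cp .env.dist .env` two lines above the changed `cp config/openconext/...` line. If the `.env` copy is no longer needed, drop it from both sections; if it is still required for the archive build, restore it in the first section so the two install paths do not diverge silently.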
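Review bot: The new "Prepare the MetadataStatementService" section in docs/development.md leaves the security-relevant part of the setup unstated: it says `config/openconext/mds/fido2-mds.cer` is tracked in the repository rather than downloaded on demand, but not how a developer confirms that the tracked certificate is the one the FIDO Alliance actually publishes (for example by comparing its fingerprint with the value on the linked metadata page), nor how or when `config/openconext/mds/blob.jwt` should be refreshed. Since the closing line already admits the shipped dist files "might not work with brand-new tokens", a short refresh procedure for the blob would turn that caveat into an actionable step. The prose also needs tightening: "Here we follow the principle. If a token is verified by Fido and has at least a level 1 score. The token is good enough for us." is three fragments that should read as one sentence, and "2 files need to be present" should start with the word "Two".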
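Review bot: The last docs/development.md hunk leaves two loose ends. First, the retained `cp config/openconext/parameters.yaml.dist config/openconext/parameters.yaml` line uses the `.yaml` extension, while both docs/deployment.md hunks in this patch use `config/openconext/parameters.yml.dist`; one of the two is wrong and will send a reader to a file that does not exist. Second, the "### 4. Create database" step with `bin/console doctrine:migrations:migrate` is removed with no replacement; if migrations now run automatically in the container, say so where the step used to be, otherwise the development setup is no longer complete. Also, removing the "### Development" heading and its introductory sentence may leave any watcher instructions that follow it without a heading; please check the lines after this hunk.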