mirrors/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2025-05-11 02:15:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
nginx-ui/docs/guide/config-webauthn.md

41 lines
2.1 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Webauthn
Webauthn is a web standard for secure authentication. It allows users to log in to websites using biometrics, mobile devices, and FIDO security keys.
Webauthn is a passwordless authentication method that provides a secure and easy-to-use alternative to passwords.
Since `v2.0.0-beta.34`, Nginx UI has supported Webauthn passkey as a login and 2FA method.
## Passkey
Passkeys are webauthn credentials that validate your identity using touch, facial recognition, a device password, or a PIN. They can be used as a password replacement or as a 2FA method.
## Configurations
To ensure security, Webauthn configuration cannot be added through the UI.
Please manually configure the following in the app.ini configuration file and restart Nginx UI.
### RPDisplayName
- Type: `string`
This option is used to set the display name of the relying party (RP) when registering a new credential.
### RPID
- Type: `string`
This option is used to set the ID of the relying party (RP) when registering a new credential.
### RPOrigins
- Type: `[]string`
This option is used to set the origins of the relying party (RP) when registering a new credential.
Afterward, refresh this page and click add passkey again.
Due to the security policies of some browsers, you cannot use passkeys on non-HTTPS websites, except when running on `localhost`.
## Detail
1. **Automatic 2FA with Passkey:**
When you log in using a passkey, all subsequent actions requiring 2FA will automatically use the passkey. This means you wont need to manually click “Authenticate with a passkey” in the 2FA dialog box.
2. **Passkey Deletion:**
If you log in using a passkey and then navigate to Settings > Authentication and delete the current passkey, the passkey will no longer be used for subsequent 2FA challenges during the current session. If Time-based One-Time Password (TOTP) is configured, it will be used instead; if not, 2FA will not be triggered.
3. **Adding a New Passkey:**
If you log in without using a passkey and then add a new passkey via Settings > Authentication, the newly added passkey will be prioritized for all subsequent 2FA actions during the current session.
Reference in a new issue View git blame Copy permalink