- Requires HTTPS. U2F will fail otherwise
- Allow user to manage registrations through account management console
- Attestation - allow specifying what devices should be supported
- Metadata - allow users to view metadata about registered devices
- Allow admin to view details about registered devices
- Deploy to Keycloak:
    mvn clean install wildfly:deploy
- Log in to the admin console and create an authentication flow with U2F
  - Go to Authentication
  - Under Flows select Browser and click Copy
  - Remove OTP Form under Copy Of Browser Forms and add U2F in the same place
  - Mark U2F as optional
  - Click Bindings and switch Browser Flow to Copy of browser
  - Click Required Actions and Register
  - Select Register U2F and click Ok
- Add the Configure U2F required action to the admin user
  - Go to Users
  - View all users
  - Click admin
  - In Required User Actions add Register U2F
- Log out
- Log in as admin and configure U2F when requested
- Log out
- Log in again and you should now be requested to touch the U2F token to continue