Upgrade doc for U2F deprecation (#2695)
This commit is contained in:
parent
73046867e6
commit
bf29da2a4d
|
@ -34,6 +34,16 @@ Security
|
|||
|
||||
* **CVE-2021-40874**: RESTServer pwdConfirm always returns true with Combination + Kerberos (see `issue 2612 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612>`__)
|
||||
|
||||
|
||||
U2F deprecation in Chrome 98
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Chrome 98 `removed U2F support by default <https://developer.chrome.com/blog/deps-rems-95/#deprecate-u2f-api-cryptotoken>`__. You can enable them back temporarily in ``chrome://flags`` by setting *Enable the U2F Security Key API* to *Enabled* and *Enable a permission prompt for the U2F Security Key API* to *Disabled*
|
||||
|
||||
LemonLDAP::NG provides a newer alternative: :doc:`webauthn2f`, which is compatible with U2F security keys. Please read :ref:`migrateu2ftowebauthn` for instructions on how to convert U2F secrets to WebAuthn.
|
||||
|
||||
After migration, you will need to disable U2F from the configuration and enable WebAuthn instead, in *General Parameters* » *Second Factors* » *WebAuthn*
|
||||
|
||||
Weak encryption used for password-protected SAML keys
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
|
@ -16,6 +16,16 @@ Currently, we implement:
|
|||
* Device registration without attestation validation (attestation type: *None*)
|
||||
* Authentication as a second factor with the registered device
|
||||
|
||||
Requirements
|
||||
~~~~~~~~~~~~
|
||||
|
||||
You need to install the `Authen::WebAuthn` CPAN module for WebAuthn to work on
|
||||
your LemonLDAP::NG installation. If there is no package for it in your
|
||||
distribution, you can install it with:
|
||||
|
||||
```
|
||||
cpanm Authen::WebAuthn
|
||||
```
|
||||
|
||||
Configuration
|
||||
~~~~~~~~~~~~~
|
||||
|
@ -38,6 +48,9 @@ Configuration
|
|||
the choice screen
|
||||
- **Logo** (Optional): logo file *(in static/<skin> directory)*
|
||||
|
||||
|
||||
.. _migrateu2ftowebauthn:
|
||||
|
||||
Migrating existing U2F devices
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
Loading…
Reference in New Issue