- authorize to radius using fingerprint or fido u2f, FIDO2 (yubikey or analogs).
- Password sync with access token(if token expired then password also expired)
- during refresh token, session password will be updated.
- build and run keycloak (select one of installation)
1.1 docker installation
1.2 release installation
docker run -p 8090:8080 -p1812:1812/udp -p1813:1813/udp -e JAVA_OPTS="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true" -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -v `pwd`/.:/example -e KEYCLOAK_IMPORT=/example/realm.json vassio/keycloak-radius-plugin start-dev- download and unzip keycloak-radius.zip (https://github.com/vzakharchenko/keycloak-radius-plugin/releases) - unzip keycloak-radius.zip -d keycloak-radius - cd keycloak-radius - sh bin/standalone.sh -Dkeycloak.profile.feature.upload_scripts=enabled -c standalone.xml -b 0.0.0.0 -Djboss.bind.address.management=0.0.0.0 --debug 8190 -Djboss.http.port=8090
1.3 Develop installationsudo apt-get install net-tools # Only once cd keycloak ./init.sh # Only once ./buildAndStart.sh
- open http://localhost:8090/auth/ and initialize master realm with login/password.
- open Administration Console
- import realm from file realm.json
- install example
cd Examples/WebAuthnJSExample npm i node server.js
- open http://localhost:3000/
- type username(user)
- register your fingerprint or security key (Yubikey or analogs)
- click the "connect To Radius Server"
