This section outlines the prerequisites to complete the workshop and instructions for setting up the development environment that you will use throughout the workshop.
In order to complete this workshop you will need a development environment with the following:
- Git
- JDK 1.8 or later
- Maven 3.2+
- FIDO2 compatible platform / browser
  - MacOS: Safari Technical Preview version 71+
  - Windows 10 Version 1809+: Edge
- A favorite text editor or IDE
- A security key
This workshop can either be completed locally or in the cloud. Instructions for running in the Azure Cloud Shell are included. If you already have a subscription you can use it or you can get a free trial here. If you prefer a different cloud development environment, feel free to use it instead.
Skip this step if you are using a local dev environment.
Step-by-step instructions to launch Azure Cloud Shell
Please make sure not to use a production Azure environment or account for this workshop. It is recommended to instead use a development account which provides full access to the necessary services so that you do not run into permissions issues.
The Azure account may accrue charges. Be sure to clean up when you are done to prevent the accrual of additional charges.
Try from shell.azure.com by clicking below.
Try from Azure portal using the Cloud Shell icon.
- Clone the workshop repository.
git clone https://github.com/YubicoLabs/java-webauthn-passwordless-workshop
- Change directory to the workshop
cd java-webauthn-passwordless-workshop/initial
- Open ./src/main/resources/application.properties in your preferred editor. Note: Azure Cloud Shell has an Integrated Cloud Shell Editor. Just run code .
- Set spring.profiles.active to 'cloud' for cloud development, or to 'local' to configure the local server for SSL, and save the file.
spring.profiles.active=cloud
Troubleshooting
Cannot find path
PS Azure:\> cd java-webauthn-passwordless-workshop
cd : Cannot find path 'Azure:/java-webauthn-passwordless-workshop/initial' because it does not exist.
Use cd $HOME/java-webauthn-passwordless-workshop/initial instead of cd java-webauthn-passwordless-workshop/initial
Skip this step if you are using a cloud dev environment.
WebAuthn requires https so you will need to generate a self-signed certificate if running locally.
Step-by-step instructions (expand if running locally)
- Create a set of cryptographic keys and store it in the PKCS12 keystore format.
keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore ./src/main/resources/keystore/demo.p12 -validity 3650
- Update the server ssl keystore password. Open ./src/main/resources/application-local.properties in your preferred editor and replace the server.ssl.key-store-password with the one used in the previous step.
server.port=8443
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:keystore/demo.p12
server.ssl.key-store-password=changeit
server.ssl.key-alias=demo
security.require-ssl=true
- In the initial folder run
mvn clean package spring-boot:run
- Once the application starts up, point your browser to https://localhost:8443. You should see the home page.
- Log in with username 'user' and password 'password'
Note: In Safari, you may need to open https://localhost:8443 in a private window.
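A pre-flight check for the local TLS steps above, added here as an example (it is not part of the workshop repository). The script name check_local_tls.sh and the function names are assumptions, and get_prop only handles plain key=value lines like the ones in application-local.properties.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the local TLS settings (not workshop code).
# Usage from the "initial" folder: bash check_local_tls.sh src/main/resources

# get_prop FILE KEY: print the value of KEY; handles plain "key=value" lines only.
get_prop() {
  awk -v k="$2" '{ sub(/\r$/, "") }
    index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
    END { print v }' "$1"
}

_bad() { echo "FAIL: $*"; _rc=1; }

# lint_local_tls RESOURCES_DIR: static checks; prints problems, returns 1 if any.
lint_local_tls() {
  _props="$1/application-local.properties"; _rc=0
  [ -f "$_props" ] || { _bad "$_props not found"; return 1; }
  _store=$(get_prop "$_props" server.ssl.key-store)
  case "$_store" in
    classpath:?*) [ -f "$1/${_store#classpath:}" ] ||
                    _bad "keystore ${_store#classpath:} missing; run keytool first" ;;
    *)            _bad "server.ssl.key-store should be classpath:<path>, got '$_store'" ;;
  esac
  [ "$(get_prop "$_props" server.ssl.key-store-type)" = PKCS12 ] ||
    _bad "server.ssl.key-store-type must be PKCS12 to match keytool -storetype"
  [ -n "$(get_prop "$_props" server.ssl.key-store-password)" ] ||
    _bad "server.ssl.key-store-password is empty"
  [ -n "$(get_prop "$_props" server.ssl.key-alias)" ] ||
    _bad "server.ssl.key-alias is empty"
  [ "$(get_prop "$_props" security.require-ssl)" = true ] ||
    _bad "security.require-ssl is not true"
  return "$_rc"
}

# verify_keystore RESOURCES_DIR: open the keystore with the configured password
# and look up the configured alias. Needs keytool (JDK) on PATH. The password is
# passed through an environment variable so it does not show up in the process list.
verify_keystore() {
  _props="$1/application-local.properties"
  _store=$(get_prop "$_props" server.ssl.key-store)
  KS_PASS=$(get_prop "$_props" server.ssl.key-store-password) \
    keytool -list -storetype PKCS12 -keystore "$1/${_store#classpath:}" \
      -alias "$(get_prop "$_props" server.ssl.key-alias)" -storepass:env KS_PASS >/dev/null
}

if [ -n "${1:-}" ]; then
  lint_local_tls "$1" && verify_keystore "$1" && echo "OK: keystore opens with the configured password and alias"
fi
```

A keytool failure at the last step means the password or alias in application-local.properties does not match what was entered when the keystore was generated.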
Expand for Azure App Service instructions
- Open the pom.xml in an editor
- Configure the Maven Plugin for Azure App Service. Update the following placeholders in the plugin configuration:
<resourceGroup>${RESOURCEGROUP_NAME}</resourceGroup> <!--e.g. PasswordlessWorkshop -->
<appName>${WEBAPP_NAME}</appName> <!--e.g. MyPasswordlessWebApp -->
<region>${REGION}</region> <!--e.g. centralus -->
- Deploy the app to Azure
- Configure
mvn clean package azure-webapp:config
- Build and deploy
Maven will deploy your web app to Azure; if the web app or web app plan does not already exist, it will be created for you.
mvn clean package azure-webapp:deploy
- Set HTTPS Only in SSL Settings
- Go to the Overview and click the URL. You should see the home page.
- Log in with username 'user' and password 'password'
- Use a unique personal or development Azure account that will not interfere with production systems
- Use a single, consistent region throughout this workshop if in a cloud dev environment
- Keep your Azure Cloud Shell opened in a tab at all times
Once you have your development environment fully working, proceed to the next step in the workshop - Credential Repository