ForgeRock SDKs

Node configuration

To use mobile biometrics with the Android SDK, the nodes in AM require specific configurations:

  1. In both the WebAuthn Registration and WebAuthn Authentication nodes, the Return challenge as JavaScript option must be disabled.

  2. In the WebAuthn Registration node, the Authentication attachment must be either UNSPECIFIED or PLATFORM.

  3. In the WebAuthn Registration node, the Accepted signing algorithms must include ES256 or RS256.

  4. In the WebAuthn Registration node, the Limit registrations option must be disabled.

  5. In both the WebAuthn Registration and WebAuthn Authentication nodes, the Origin domains must include android:apk-key-hash:base64-encoded-sha256-hash-of-apk-signing-cert for AM 7.1 and later.

    Use the following command to generate the base64-encoded-sha256-hash-of-apk-signing-cert hash:

    keytool -exportcert -alias <your key alias> -keystore <your keystore file> | openssl sha256 -binary | openssl base64 | tr '/+' '_-' | tr -d '='

  6. In both the WebAuthn Registration and WebAuthn Authentication nodes, the Relying party identifier must be the domain hosting the assetlinks.json file.
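
The following is an added example, not ForgeRock code. It checks that the Origin domains value from step 5 and the assetlinks.json file from step 6 refer to the same signing certificate. It assumes assetlinks.json uses the standard Digital Asset Links layout (android_app targets with sha256_cert_fingerprints); the function names, certificate bytes, and package name are constructed for illustration.

```python
import base64
import hashlib
import json
import re

PREFIX = "android:apk-key-hash:"
# A 32-byte SHA-256 digest is 43 base64url characters once '=' padding is stripped.
ORIGIN_RE = re.compile(re.escape(PREFIX) + r"[A-Za-z0-9_-]{43}")

def origin_from_digest(digest: bytes) -> str:
    if len(digest) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    return PREFIX + base64.urlsafe_b64encode(digest).decode().rstrip("=")

def origin_from_cert(cert_der: bytes) -> str:
    """Same value the keytool | openssl | tr pipeline yields for the exported cert."""
    return origin_from_digest(hashlib.sha256(cert_der).digest())

def origin_from_fingerprint(fingerprint: str) -> str:
    """Convert an assetlinks.json fingerprint ('AA:BB:...') to the origin form."""
    return origin_from_digest(bytes.fromhex(fingerprint.replace(":", "")))

def matching_packages(origin: str, assetlinks_text: str) -> list:
    """Return the packages in assetlinks.json whose signing cert matches origin."""
    if not ORIGIN_RE.fullmatch(origin):
        raise ValueError("malformed origin: padding, '+' or '/' present, or wrong length")
    matches = []
    for statement in json.loads(assetlinks_text):
        target = statement.get("target", {})
        if target.get("namespace") != "android_app":
            continue
        for fingerprint in target.get("sha256_cert_fingerprints", []):
            if origin_from_fingerprint(fingerprint) == origin:
                matches.append(target.get("package_name"))
    return matches

# Constructed sample data: stand-in certificate bytes and a matching assetlinks.json.
SAMPLE_CERT = b"constructed stand-in for DER certificate bytes"
SAMPLE_FP = ":".join(f"{b:02X}" for b in hashlib.sha256(SAMPLE_CERT).digest())
SAMPLE_ASSETLINKS = json.dumps([{
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {"namespace": "android_app", "package_name": "com.example.app",
               "sha256_cert_fingerprints": [SAMPLE_FP]}}])

if __name__ == "__main__":
    origin = origin_from_cert(SAMPLE_CERT)
    print(origin)
    print(matching_packages(origin, SAMPLE_ASSETLINKS))
```

An empty result means the origin configured in AM was derived from a different certificate than the one published in assetlinks.json, for example a debug keystore instead of the release key.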

Copyright © 2010-2022 ForgeRock, all rights reserved.