Version 3.1 (2024)

The FIDO UAF sample web application provides a new loadMetadataFiles() method to load metadata from the resources/metadata folder. You can add custom metadata by copying proper metadata v3 files (JSON) to this folder.

The existing metadata was updated to comply with the v3 format and to include the latest UAF authenticators.

The FIDO UAF sample web application was extended with a new AppID endpoint, i.e. /fido-app-facets. This new endpoint returns the trusted facets list.

The registration finalize and authentication finalize endpoints were changed. Now, these endpoints expect the respective response input parameter to be provided as string instead of a list, i.e. List<RegistrationResponse> or List<AuthenticationResponse>, respectively.

OneSpan FIDO Universal Server SDK now includes the following (updated) third-party libraries:

• Bouncy Castle 1.77  uaf    uaf‑sample 
• SpringBoot 3.1.6  uaf    uaf‑sample 

The FIDO UAF sample web application can now be run on the following web application servers:

• WebSphere 23.0.0.12 or later  uaf‑sample 

Description: When passing an empty string ("") as the AAID to the deregistration endpoints, the FIDO Universal Server incorrectly accepts the invalid input parameter and completes with an HTTP status code 200.

Status: This issue has been fixed. Passing an invalid AAID now throws a respective exception.