Version 3.1 (2024)

Prev Next

New features and enhancements

New method to upload custom metadata  uaf‑sample 

The FIDO UAF sample web application provides a new loadMetadataFiles() method to load metadata from the resources/metadata folder. You can add custom metadata by copying proper metadata v3 files (JSON) to this folder.

The existing metadata was updated to comply with the v3 format and to include the latest UAF authenticators.

FIDO UAF sample web application adaptions  uaf‑sample 

The FIDO UAF sample web application was extended with a new AppID endpoint, i.e. /fido-app-facets. This new endpoint returns the trusted facets list.

The registration finalize and authentication finalize endpoints were changed. Now, these endpoints expect the respective response input parameter to be provided as string instead of a list, i.e. List<RegistrationResponse> or List<AuthenticationResponse>, respectively.

Software libraries

OneSpan FIDO Universal Server SDK now includes the following (updated) third-party libraries:

  • Bouncy Castle 1.77  uaf    uaf‑sample 
  • SpringBoot 3.1.6  uaf    uaf‑sample 

Web servers

The FIDO UAF sample web application can now be run on the following web application servers:

  • WebSphere 23.0.0.12 or later  uaf‑sample 

Fixes and other updates

Issue OAS-18448: Inconsistencies while validating the Authenticator Attestation ID (AAID)  uaf  

Description: When passing an empty string ("") as the AAID to the deregistration endpoints, the FIDO Universal Server incorrectly accepts the invalid input parameter and completes with an HTTP status code 200.

Status: This issue has been fixed. Passing an invalid AAID now throws a respective exception.