http://wso2.com/library/webinars/2016/05/wso2-identity-server-adding-hardware-security-module-without-breaking-the-bank/
This webinar will discuss
Improving security using the WSO2 Identity Server (WSO2 IS) with FIDO U2F and a YubiHSM
Enabling FIDO U2F strong authentication support in WSO2 IS 5.1 to repair user IDs and passwords
Easily integrating YubiHSM into the WSO2 IS to strengthen password hashes used for authentication
Using YubiHSM within WSO2 IS computes hashes and produces local salts within this secure environment
Using YubiHSM and WSO2 IS to set a high bar for securing secrets without breaking the bank
3. 3
• Premier Partner of WSO2
• Global Organiza0on
• Offices in the Netherlands, Germany,
Belgium, United Kingdom and United
States
• Experts is Integra0on Solu0ons
• Experts in a ‘Connected Business’
• WSO2 project & consultancy services
• WSO2 support services:
• Product Support
• Development Support
• Opera0onal Support
• WSO2 Training services
• Enterprise & Solu0on Architecture
Who we are What we deliver
More info about us and our pre-build (WSO2) solu0ons: www.yenlo.com
19. HSM for Iden0ty server
o Crea0ng a custom user store manager
protected String preparePassword(String password, String saltValue)
throws UserStoreException {
int keyHandle = 12337; // The key to use in the YubiHSM (0x3031)
// Instance of YubiHSM
YubiHSM hsm = new YubiHSM();
// Generate HmacSHA1 for password
String newPassword = hsm.generateHMACSHA1(password, keyHandle,
true, false).get("hash");
return newPassword;
}
28