Palestrante
Descrição
This work examines the feasibility of deploying
FIDO2/WebAuthn at UNICAMP to improve both se-
curity and user experience in Single Sign-On (SSO).
We describe the target architecture based on Red Hat
SSO (Keycloak), outline registration and authentica-
tion flows, and assess practical constraints in the cam-
pus environment. In particular, we analyze authenti-
cator options (USB security keys, smartphones, and
platform authenticators) against local limitations such
as the absence of Bluetooth on many university com-
puters and the current Linux workstation landscape.
We consider incremental strategies, including offering
FIDO2 as an optional factor alongside existing meth-
ods, password fallback where necessary, and interop-
erability with established federation approaches already
supported by Red Hat SSO. We conclude with compro-
mise options and a path forward that prioritizes se-
curity, usability, and broad accessibility across UNI-
CAMP’s diverse user base.
