Add Allowed Origin

This section describes the operation of adding an allowed origin to the RP.

What is an Allowed Origin?

An origin is the combination of URL scheme (protocol), host (domain), and port number, and is the standard string browsers use to enforce security restrictions. FIDO authentication usually requires that the RP ID (Relying Party ID) match the domain portion of the website's origin (e.g., https://example.com). By default, FIDO2ServerService also checks that the domains of the RP ID and the origin match when it verifies a registration or authentication. The allowed origin setting is for cases where you want to permit registration/authentication for some websites whose domain differs from the RP ID. By registering an allowed origin, you can keep example.com as your RP ID while logging in on another domain, such as example.co.jp, using the RP credentials.

The allowed origin setting on the FIDO2ServerService side is not sufficient on its own. For actual use, the web server of the domain indicated by the RP ID must also provide an associated origin information file called .well-known/webauthn. For more information on the .well-known/webauthn file, please click here.

*Please specify the allowed origin in the form of an origin (e.g., https://example.com) rather than a domain.
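
The server-side decision described above, as an added example (not FIDO2ServerService code): it shows why an allowed origin must be entered as a full origin, because matching is on scheme, host and port together. Function names are hypothetical, and the default check is assumed to accept an https origin whose host equals the RP ID or is a subdomain of it.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def parse_origin(value):
    """Return (scheme, host, port) if value is a bare origin, else None."""
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # a bare domain such as "example.co.jp" ends up here
    if parts.path not in ("", "/") or parts.query or parts.fragment or "@" in parts.netloc:
        return None  # an origin carries no path, query, fragment or userinfo
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)


def matches_rp_id(origin, rp_id):
    """Assumed default check: https host equals the RP ID or is a subdomain of it."""
    scheme, host, _port = origin
    return scheme == "https" and (host == rp_id or host.endswith("." + rp_id))


def origin_accepted(client_origin, rp_id, allowed_origins):
    """Decide whether the origin reported by the client is acceptable for rp_id."""
    origin = parse_origin(client_origin)
    if origin is None:
        return False
    if matches_rp_id(origin, rp_id.lower()):
        return True
    # Allowed origins match on the full (scheme, host, port) tuple, never on a
    # host suffix; entries that are not well-formed origins are ignored.
    allowed = {parse_origin(entry) for entry in allowed_origins} - {None}
    return origin in allowed


if __name__ == "__main__":
    allowed = ["https://example.co.jp"]  # constructed sample configuration
    for candidate in ("https://example.com", "https://example.co.jp",
                      "https://example.co.jp:8443", "http://example.co.jp"):
        print(candidate, origin_accepted(candidate, "example.com", allowed))
```

The browser-side lookup of .well-known/webauthn is a separate step and is not modelled here.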

Register Allowed Origin

Operation Procedure

Select “RP” from the menu.

  1. From the RP List table, click on the row of the RP you wish to edit to display the RP details.

  2. Click the Register allowed origin button at the upper right of the list of allowed origins.

  3. In the Register allowed origin modal, enter the origin.

  4. Click on the Register button.

  5. Click OK on the confirmation message.

  6. Click OK on the completion message.

  7. Verify that the origin information has been added to the list of allowed origins.