The StrongKey FIDO Server (SKFS) is StrongKey's open-source FIDO Certified® server implementation of the FIDO/WebAuthn authentication protocol. The distribution and source can be found at https://sourceforge.net/projects/strongkeyfido.

SKFS is designed to serve enterprises with unique needs:

• It is NOT designed to be operated in the public cloud for security reasons. There are certain gaps in the FIDO protocol that make it possible for the FIDO server to be compromised, thereby enabling attackers to authenticate to another person's account with their own credential. It can, however, be tested within a cloud virtual machine as a demo or a proof-of-concept;
• It supports high-availability and disaster recovery as a standard feature; need anything more be said?
• It supports defining FIDO policies that can enforce specific enterprise requirements without concern for what web developers might program into their applications;
• It is integrated with FIPS 140-2 Level 2 cryptographic hardware as a standard feature (on the StrongKey Tellaro appliance), with FIPS 140-2 Level 3 cryptographic hardware available as an option;
• It comes with built-in SAML and JWT single sign-on capability, so you don't have to maintain multiple infrastructures for authentication and authorization;
• It supports SOAP and REST webservice APIs so you don't have to wrestle with what you don't want;
• It supports integration with an enterprise's LDAP Directory server - whichever they may be;
• It supports Transaction Confirmation when used with the StrongKey Android Client Library (SACL);
• It supports integration with an enterprise Public Key Infrastructure (PKI); users with digital certificates can be authenticated with TLS ClientAuth and enabled to register FIDO credentials without coming in for an identity verification.