
Minimal security policy:

  • Accepts any hardware authenticator
  • Requires user presence
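  • Prefers user verification (the "userVerification" list below also contains "required" and "discouraged")
  • Accepts either ECDSA or RSA (the "signatures" list below also names "EdDSA"; the "rsa" list repeats "PS384" and has no "PS512" entry)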
  • Cannot use SELF attestation format

See the FIDO Policy definitions to learn more about each setting used below.

{
   "FidoPolicy": {
      "name": "MinimalPolicy",
      "copyright": "",
      "version": "1.0",
      "startDate": "1695927654",
      "endDate": "1760103870871",
      "system": {
         "did": 1,
         "requireCounter": "optional",
         "integritySignatures": false,
         "userVerification": ["required", "preferred", "discouraged"],
         "userPresenceTimeout": 0,
         "allowedAaguids": ["all"],
         "transport": ["usb", "internal"]
      },
      "crossOrigin": {
         "enabled": false,
         "allowedOrigins": []
      },
      "algorithms": {
         "curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
         "rsa": ["RS256", "RS384", "RS512", "PS256", "PS384", "PS384"],
         "signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
      },
      "attestation": {
         "conveyance": ["none", "indirect", "direct", "enterprise"],
         "formats": ["fido-u2f", "packed", "tpm", "android-key", "android-safetynet", "apple", "none"]
      },
      "registration": {
         "displayName": "required",
         "attachment": ["platform", "cross-platform"],
         "discoverableCredential": ["required", "preferred", "discouraged"],
         "excludeCredentials": "enabled"
      },
      "authentication": {
         "allowCredentials": "enabled"
      },
      "authorization": {
         "maxdataLength": 256,
         "preserve": true
      },
      "rp": {
         "id": "strongkey.com",
         "name": "FIDOServer"
      },
      "extensions": {},
      "mds": {
         "authenticatorStatusReport": [{
            "status": "FIDO_CERTIFIED_L1",
            "priority": "1",
            "decision": "IGNORE"
         }, {
            "status": "FIDO_CERTIFIED_L2",
            "priority": "1",
            "decision": "ACCEPT"
         }, {
            "status": "UPDATE_AVAILABLE",
            "priority": "5",
            "decision": "IGNORE"
         }, {
            "status": "REVOKED",
            "priority": "10",
            "decision": "DENY"
         }]
      },
      "jwt": {
         "algorithms": ["ES256", "ES384", "ES521"],
         "duration": 30,
         "required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
      },
      "signcerts": {
         "rootca": {
            "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey",
            "serialnumber": "153089208",
            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
            "jwtcerts": {
               "default": [{
                  "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey",
                  "serialnumber": "1256093574",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey",
                  "serialnumber": "1911028544",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey",
                  "serialnumber": "652695544",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }]
            },
            "samlcerts": {
               "default": [{
                  "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey",
                  "serialnumber": "888520634",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey",
                  "serialnumber": "1084555693",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey",
                  "serialnumber": "524044376",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }],
               "citrixidp": {
                  "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey",
                  "serialnumber": "888520634",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }
            }
         }
      }
   }
}

 

To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema.