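Reasonably secure policy: registration is limited to an allowlist of authenticator AAGUIDs, attestation must be conveyed directly in the packed format, the signature counter is mandatory, and only elliptic-curve signature algorithms are accepted (RSA is set to "none"). User verification is "preferred" rather than required.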
To learn more about the individual settings, see the FIDO Policy definitions.
{
"FidoPolicy": {
"name": "ModerateSKFSPolicy-SpecificSecurityKeys",
"copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
"version": "2.0",
"startDate": "1745341841",
"endDate": "1760103870871",
"system": {
"did": 2,
"requireCounter": "mandatory",
"integritySignatures": true,
"userVerification": [
"preferred"
],
"userPresenceTimeout": 60,
"allowedAaguids": [
"95442b2e-f15e-4def-b270-efb106facb4e",
"87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c",
"95442b2e-f15e-4def-b270-efb106facb4e",
"87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c",
"da776f39-f6c8-4a89-b252-1d86137a46ba",
"e3512a8a-62ae-11ea-bc55-0242ac130003",
"cb69481e-8ff7-4039-93ec-0a2729a154a8",
"ee882879-721c-4913-9775-3dfcce97072a",
"fa2b99dc-9e39-4257-8f92-4a30d23c4118",
"2fc0579f-8113-47ea-b116-bb5a8db9202a",
"c1f9a0bc-1dd2-404a-b27f-8e29047a43fd",
"cb69481e-8ff7-4039-93ec-0a2729a154a8",
"ee882879-721c-4913-9775-3dfcce97072a",
"73bb0cd4-e502-49b8-9c6f-b59445bf720b",
"cb69481e-8ff7-4039-93ec-0a2729a154a8",
"ee882879-721c-4913-9775-3dfcce97072a",
"73bb0cd4-e502-49b8-9c6f-b59445bf720b",
"cb69481e-8ff7-4039-93ec-0a2729a154a8",
"ee882879-721c-4913-9775-3dfcce97072a",
"73bb0cd4-e502-49b8-9c6f-b59445bf720b",
"2fc0579f-8113-47ea-b116-bb5a8db9202a",
"c1f9a0bc-1dd2-404a-b27f-8e29047a43fd",
"c5ef55ff-ad9a-4b9f-b580-adebafe026d0",
"85203421-48f9-4355-9bc8-8a53846e5083",
"f8a011f3-8c0a-4d15-8006-17111f9edc7d",
"b92c3f9a-c014-4056-887f-140a2501163b",
"6d44ba9b-f6ec-2e49-b930-0c8fe920cb73",
"149a2021-8ef6-4133-96b8-81f8d5b7f1f5"
],
"transport": [
"usb",
"internal"
]
},
"subdomains": {
"enabled": false,
"allowedSubdomains": [
]
},
"relatedOriginRequests": {
"enabled": false
},
"digitalAssetLinks": {
"enabled": false
},
"algorithms": {
"curves": [
"secp256r1",
"secp384r1",
"secp521r1",
"curve25519"
],
"rsa": [
"none"
],
"signatures": [
"ES256",
"ES384",
"ES512",
"EdDSA",
"ES256K"
]
},
"attestation": {
"conveyance": [
"direct"
],
"formats": [
"packed"
]
},
"registration": {
"displayName": "required",
"attachment": [
"cross-platform"
],
"discoverableCredential": [
"preferred",
"discouraged"
],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "strongkey.com",
"name": "FIDOServer"
},
"extensions": {
},
"mds": {
"authenticatorStatusReport": [
{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
},
{
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
},
{
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
},
{
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}
]
},
"jwt": {
"algorithms": [
"ES256",
"ES384",
"ES521"
],
"duration": 30,
"required": [
"rpid",
"iat",
"exp",
"cip",
"uname",
"agent"
]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 2,O=StrongKey",
"serialnumber": "-1963384721706946687",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
"jwtcerts": {
"default": [
{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 2,O=StrongKey",
"serialnumber": "4415420999008465199",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 2,O=StrongKey",
"serialnumber": "-3726673575424921183",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 2,O=StrongKey",
"serialnumber": "-1074765479114408963",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
]
},
"samlcerts": {
"default": [
{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 2,O=StrongKey",
"serialnumber": "351259172751490513",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 2,O=StrongKey",
"serialnumber": "-5508236821732320725",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 2,O=StrongKey",
"serialnumber": "-6366021805184524232",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 2,O=StrongKey",
"serialnumber": "351259172751490513",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
}
}
}
}
}
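To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. Before reusing this example, validate it against that schema: startDate and endDate have different digit counts (which suggests one is in seconds and the other in milliseconds), allowedAaguids repeats several entries, and the jwt algorithm list spells "ES521" where the signature list uses "ES512".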