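An example of a very secure (highly restrictive) policy. It requires user verification, allows a single authenticator AAGUID, accepts only direct attestation in the packed format, and leaves cross-origin requests disabled: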
To learn more about what each setting means, see the FIDO Policy definitions.
{
"FidoPolicy": {
"name": "RestrictedSKFSPolicy-FIPS",
"copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
"version": "2.0",
"startDate": "1695937015",
"endDate": "1760103870871",
"system": {
"did": 8,
"requireCounter": "mandatory",
"integritySignatures": true,
"userVerification": ["required"],
"userPresenceTimeout": 30,
"allowedAaguids": ["c1f9a0bc-1dd2-404a-b27f-8e29047a43fd"],
"transport": ["usb", "internal"]
},
"crossOrigin": {
"enabled": false,
"allowedOrigins": []
},
"algorithms": {
"curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
"rsa": ["none"],
"signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
},
"attestation": {
"conveyance": ["direct"],
"formats": ["packed"]
},
"registration": {
"displayName": "required",
"attachment": ["cross-platform"],
"discoverableCredential": ["required", "preferred", "discouraged"],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "strongkey.com",
"name": "FIDOServer"
},
"extensions": {},
"mds": {
"authenticatorStatusReport": [{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
}, {
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
}, {
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
}, {
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}]
},
"jwt": {
"algorithms": ["ES256", "ES384", "ES521"],
"duration": 30,
"required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 8,O=StrongKey",
"serialnumber": "1119189260",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
"jwtcerts": {
"default": [{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 8,O=StrongKey",
"serialnumber": "763610591",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 8,O=StrongKey",
"serialnumber": "2026985890",
"pemcert": "-----BEGIN CERTIFICATE-----MIICCDCCAWegAwIBAgIEeNFZojAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDgxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTkwMTQ3WhcNMjQwOTI1MTkwMTQ3WjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA4MRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDl/e8ZQtzEm/ZBKGTFolYzLz+p0cr4BMz1XnUPambg5s8M/MApnM1icWoNHfjc5Yu0opVLU+3P2G90I8lQB/PujQjBAMB0GA1UdDgQWBBSnlmnc2znXaSEwoK0a1gQmkaHUKDAfBgNVHSMEGDAWgBRrjlgNA1MFSzi9g15tglzNMh1mxTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAQTS6M7+Sfmus6daIbg0uogXYo2Du8u5fF6FGvwDpc8BLGLxVVWylMTTlW98uIM5th0aMgflkVLWJnRLDE/utQNvAkIB/lXvOiy1nuw4CqQH6tIjTR8N1Uz3G5FO7YMW7xz7NaO7HYupTeFvlrFvJc7KiTDdDECXF/u4L7tpKmGwD1m5QNA=-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 8,O=StrongKey",
"serialnumber": "1806749684",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}]
},
"samlcerts": {
"default": [{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 8,O=StrongKey",
"serialnumber": "1986984533",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 8,O=StrongKey",
"serialnumber": "286523948",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 8,O=StrongKey",
"serialnumber": "1137261348",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 8,O=StrongKey",
"serialnumber": "1986984533",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
}
}
}
}
}
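To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. Note that in this sample "startDate" has 10 digits and "endDate" has 13, so confirm the expected epoch unit (seconds or milliseconds) against the schema before reusing these values.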