Product Documentation

A very secure policy:

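  • Requires user verification: Biometrics, PIN or Pattern (`system.userVerification` is `required`)
  • Requires restricted algorithm: ECDSA (`algorithms.rsa` is `none`; the sample's `curves` and `signatures` lists also include `curve25519` and `EdDSA`, which are not ECDSA, so drop those entries if only ECDSA is intended)
  • Cannot use NONE or SELF Attestation (the sample requests `direct` conveyance and accepts only the `packed` attestation format)
  • Requires specific FIPS Authenticator (`system.allowedAaguids` lists a single AAGUID)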

See the FIDO Policy definitions page to learn more about each field used in the policy below.

{
    "FidoPolicy": {
        "name": "RestrictedSKFSPolicy-FIPS",
        "copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
        "version": "2.0",
        "startDate": "1745341841",
        "endDate": "1760103870871",
        "system": {
            "did": 8,
            "requireCounter": "mandatory",
            "integritySignatures": true,
            "userVerification": [
                "required"
            ],
            "userPresenceTimeout": 30,
            "allowedAaguids": [
                "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd"
            ],
            "transport": [
                "usb",
                "internal"
            ]
        },
        "subdomains": {
            "enabled": false,
            "allowedSubdomains": [
            ]
        },
        "relatedOriginRequests": {
            "enabled": false
        },
        "digitalAssetLinks": {
            "enabled": false
        },
        "algorithms": {
            "curves": [
                "secp256r1",
                "secp384r1",
                "secp521r1",
                "curve25519"
            ],
            "rsa": [
                "none"
            ],
            "signatures": [
                "ES256",
                "ES384",
                "ES512",
                "EdDSA",
                "ES256K"
            ]
        },
        "attestation": {
            "conveyance": [
                "direct"
            ],
            "formats": [
                "packed"
            ]
        },
        "registration": {
            "displayName": "required",
            "attachment": [
                "cross-platform"
            ],
            "discoverableCredential": [
                "required",
                "preferred",
                "discouraged"
            ],
            "excludeCredentials": "enabled"
        },
        "authentication": {
            "allowCredentials": "enabled"
        },
        "authorization": {
            "maxdataLength": 256,
            "preserve": true
        },
        "rp": {
            "id": "strongkey.com",
            "name": "FIDOServer"
        },
        "extensions": {
        },
        "mds": {
            "authenticatorStatusReport": [
                {
                    "status": "FIDO_CERTIFIED_L1",
                    "priority": "1",
                    "decision": "IGNORE"
                },
                {
                    "status": "FIDO_CERTIFIED_L2",
                    "priority": "1",
                    "decision": "ACCEPT"
                },
                {
                    "status": "UPDATE_AVAILABLE",
                    "priority": "5",
                    "decision": "IGNORE"
                },
                {
                    "status": "REVOKED",
                    "priority": "10",
                    "decision": "DENY"
                }
            ]
        },
        "jwt": {
            "algorithms": [
                "ES256",
                "ES384",
                "ES521"
            ],
            "duration": 30,
            "required": [
                "rpid",
                "iat",
                "exp",
                "cip",
                "uname",
                "agent"
            ]
        },
        "signcerts": {
            "rootca": {
                "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 8,O=StrongKey",
                "serialnumber": "-3707924231488044431",
                "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
                "jwtcerts": {
                    "default": [
                        {
                            "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 8,O=StrongKey",
                            "serialnumber": "-2552626172882832378",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 8,O=StrongKey",
                            "serialnumber": "-6606846424662614112",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 8,O=StrongKey",
                            "serialnumber": "7493499357124040302",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWmgAwIBAgIIZ/5B9on/Fm4wCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgODElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNTA0MjIxNzAyNTFaFw0yNjA0MjIxNzAyNTFaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDgxGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcwx230oeP2RSPo6M41MUOR9rtDbNcy7QLH1pP0riqvnzfnZvsMbN4JLeu+YmIPRCbZs4pEJS5MvotW0mTkqJe6NCMEAwHQYDVR0OBBYEFD2pgmV8icb50yXqiDOzfeDaQIXsMB8GA1UdIwQYMBaAFPh340q6dwL5DiPah/xROPTR4ICoMAoGCCqGSM49BAMEA4GLADCBhwJCAJK4HSJH/emN3hCLbes+PlzXKpU4gf/vu2bjEQeOwGfY55fw2drmNtjl7Gwr20L+/uwOvDcZYkshhuVmM9k2YBWuAkE47d+SkqXAQy8A+WSrC8zO629BaajZ9VEqVvTqCbsFBmooQJ3GaO+0tMfun9SbsN/FFeVf7/fdrT3BA3qG/efHDw==-----END CERTIFICATE-----"
                        }
                    ]
                },
                "samlcerts": {
                    "default": [
                        {
                            "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 8,O=StrongKey",
                            "serialnumber": "-1344023407271844208",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIIC5TCCAkagAwIBAgIJAO1ZEdT/wGaQMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDgxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjUwNDIyMTcwOTUyWhcNMjYwNDIyMTcwOTUyWjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA4MRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDClmkCHYbs1XVhQ8FMtbqqfaCiYm9rrp4v3SOSO2bTy/zNpC4ivFgra9xNa8S51IFwQlM7yFBkRUk/hYy6R3Gy3yZhtk7U2rZ6bzwPJFFyaY6IISu7cuOTgbkAnqfjdPpGRrVcAQlXAj2rWEc3Zekx7NCDVcc6Sfc6NkR9MwhHBrIUrYNh8HdBdEQ7V3GaGc+anoL9+/gBbWPh+6+eEstpN7C/R50cKfkCcaH1EH82TkHxv852Z2bNXR5mNZjWSvpP/gB4zJZb+oTXGrm8xQwMcRTP73ozrGoBChgZygZ5Q4twKGZl8O/HoNr/h2+wgB22WxMu18heK8aPtVz90pyvAgMBAAGjUjBQMB0GA1UdDgQWBBQRj8fLalqpG2N6NCUIlqbYtYBh7DAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAU+HfjSrp3AvkOI9qH/FE49NHggKgwCgYIKoZIzj0EAwQDgYwAMIGIAkIBzOS4K+cwFOoyb4pD4Kz0s8WEVtDyZ7IMmdAbh8dBRcZeHBlLbhBqDwXvv6XuOqqVMOs8ORp1a2+rJyppMhpAbxECQgFQ5hRNQgy3bP+BwOzBLYo8eGVHjLY/XQ8EeB13wKZYe6esm+RgW6xQoxyidDoCMYqL4DieHtA0r3t7GV6oIqoeSA==-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 8,O=StrongKey",
                            "serialnumber": "-5710587671611292852",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 8,O=StrongKey",
                            "serialnumber": "8186793552893636368",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        }
                    ],
                    "citrixidp": {
                        "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 8,O=StrongKey",
                        "serialnumber": "-1344023407271844208",
                        "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                    }
                }
            }
        }
    }
}

 

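To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. Before adapting this sample, check two values against the schema: `startDate` has 10 digits while `endDate` has 13, so the two appear to use different epoch units (seconds versus milliseconds) and the validity window may not be the one intended; and `jwt.algorithms` lists `ES521` where `algorithms.signatures` uses `ES512`.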