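A very secure policy. The example below (RestrictedSKFSPolicy-Apple) requires user verification, platform attachment and discoverable credentials, and allows only elliptic-curve algorithms (RSA is set to "none"). It still accepts the "none" attestation format and all AAGUIDs, so on its own it does not restrict which authenticator models can register.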
See the FIDO Policy definitions to learn more about each setting used below.
{
"FidoPolicy": {
"name": "RestrictedSKFSPolicy-Apple",
"copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
"version": "2.0",
"startDate": "1745341841",
"endDate": "1760103870871",
"system": {
"did": 7,
"requireCounter": "optional",
"integritySignatures": true,
"userVerification": [
"required"
],
"userPresenceTimeout": 30,
"allowedAaguids": [
"all"
],
"transport": [
"usb",
"internal"
]
},
"subdomains": {
"enabled": false,
"allowedSubdomains": [
]
},
"relatedOriginRequests": {
"enabled": false
},
"digitalAssetLinks": {
"enabled": false
},
"algorithms": {
"curves": [
"secp256r1",
"secp384r1",
"secp521r1",
"curve25519"
],
"rsa": [
"none"
],
"signatures": [
"ES256",
"ES384",
"ES512",
"EdDSA",
"ES256K"
]
},
"attestation": {
"conveyance": [
"direct"
],
"formats": [
"apple",
"none"
]
},
"registration": {
"displayName": "required",
"attachment": [
"platform"
],
"discoverableCredential": [
"required"
],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "example.strongkey.com",
"name": "FIDOServer"
},
"extensions": {
},
"mds": {
"authenticatorStatusReport": [
{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
},
{
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
},
{
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
},
{
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}
]
},
"jwt": {
"algorithms": [
"ES256",
"ES384",
"ES521"
],
"duration": 30,
"required": [
"rpid",
"iat",
"exp",
"cip",
"uname",
"agent"
]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 7,O=StrongKey",
"serialnumber": "-3196256997297386811",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
"jwtcerts": {
"default": [
{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 7,O=StrongKey",
"serialnumber": "2624754665005358444",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 7,O=StrongKey",
"serialnumber": "5711359871399094941",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 7,O=StrongKey",
"serialnumber": "1932868599874258438",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
]
},
"samlcerts": {
"default": [
{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 7,O=StrongKey",
"serialnumber": "4289666258576754327",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 7,O=StrongKey",
"serialnumber": "8421081951463236504",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 7,O=StrongKey",
"serialnumber": "8260812908373880887",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 7,O=StrongKey",
"serialnumber": "4289666258576754327",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
}
}
}
}
}
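To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. When adapting this sample, check startDate and endDate against the schema: here startDate has 10 digits and endDate has 13, which suggests the two values may use different epoch units (seconds versus milliseconds).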