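A very secure policy. It limits registration to platform authenticators ("attachment": ["platform"]), requires user verification and discoverable credentials, and lists no RSA algorithms ("rsa": ["none"]). Two settings deserve a second look before reuse: "formats": ["apple", "none"] also lists the "none" attestation format, and "allowedAaguids" is ["all"]. Depending on how SKFS applies these fields, a registration that carries no attestation statement may still be accepted, so confirm that this is intended: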
For the meaning of each field used below, see the FIDO Policy definitions.
{
"FidoPolicy": {
"name": "RestrictedSKFSPolicy-Apple",
"copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
"version": "2.0",
"startDate": "1695937015",
"endDate": "1760103870871",
"system": {
"did": 7,
"requireCounter": "optional",
"integritySignatures": true,
"userVerification": ["required"],
"userPresenceTimeout": 30,
"allowedAaguids": ["all"],
"transport": ["usb", "internal"]
},
"crossOrigin": {
"enabled": false,
"allowedOrigins": []
},
"algorithms": {
"curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
"rsa": ["none"],
"signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
},
"attestation": {
"conveyance": ["direct"],
"formats": ["apple", "none"]
},
"registration": {
"displayName": "required",
"attachment": ["platform"],
"discoverableCredential": ["required"],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "blue.strongkey.com",
"name": "FIDOServer"
},
"extensions": {},
"mds": {
"authenticatorStatusReport": [{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
}, {
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
}, {
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
}, {
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}]
},
"jwt": {
"algorithms": ["ES256", "ES384", "ES521"],
"duration": 30,
"required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 7,O=StrongKey",
"serialnumber": "1522817945",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
"jwtcerts": {
"default": [{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 7,O=StrongKey",
"serialnumber": "46246811",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 7,O=StrongKey",
"serialnumber": "885356018",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 7,O=StrongKey",
"serialnumber": "1811991215",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}]
},
"samlcerts": {
"default": [{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 7,O=StrongKey",
"serialnumber": "181265718",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 7,O=StrongKey",
"serialnumber": "1883424439",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 7,O=StrongKey",
"serialnumber": "155421479",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 7,O=StrongKey",
"serialnumber": "181265718",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIECs3lNjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDcxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTkwNzQ2WhcNMjQwOTI1MTkwNzQ2WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA3MRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+ZiF70cY9hLzHYc65KkCrVCeS0DdBHFVl4Z7Iivw6AM0BWlZiYHusLEW4JzNaB6d04smpqNJOkYMwmjNOAsVwVEvIueu0Rn+FuUAaS5osfaMw5LGgTmVQQyynONakWSHEuT15/gNJSyiUPqvngfLR0WbF3C9M0ip4YvBmsCKPKObDKZuA+MOntDHI0w1U477iw7cawxjXWzHfDe/1f3lyr6mAHNxswqQ4jcUm1xzmb6c6K7XO+mdjU+5UVWGuG0JTcQAE3y6J6FvMsl6ynCiX0pAS2sgZtJoeX//F5MaTarKKq0dPvWkPO8eBLgQ0rkPa9SKi9mT8o1e7R/apBJAjAgMBAAGjUjBQMB0GA1UdDgQWBBQqh7HzjBgYMezYSU+TOSHGZ/B03TAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUNi5sK6PQuKdbSX49af7GCVkUc/IwDAYIKoZIzj0EAwQFAAOBiwAwgYcCQQ+F9zhPchJwTZyLGkKpfmbks2jdlEHmc3jQBPQv4brc1OW8B86WuXhHf/OFc30nTsrPKG6FmCnI6X2wR/gCHYl7AkIBo/7mrZEEQOvdag0ViTnj2THvQA2ZriaopFaZZUH1YAk6tKrlDsPfUkU/pNpbLCpHKOaMkigqe0ZRpOtoqDaLbkI=-----END CERTIFICATE-----"
}
}
}
}
}
}
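To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. Validate a policy against that schema before deploying it. In the example above, check in particular that "startDate" (10 digits) and "endDate" (13 digits) are expressed in the same time unit, and that the "jwt" algorithm "ES521" is the identifier the schema expects (the "signatures" list uses "ES512").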