Product Documentation
- Release Notes
- Introduction
- Installation
- Administration
- Operations
- Security
- Operating System
- Policy
- SKFS Policy Module (PM)
- JSON Schema
- Minimal (Any Hardware Authenticator)
- Moderate (Specific Authenticators)
- Strict (All Biometric Devices)
- Strict (Android SafetyNet)
- Restricted (TPM)
- Restricted (Android)
- Restricted (Apple PassKey)
- Restricted (FIPS)
- MetaDataService (MDS)
- FIDO Policy Options
- Back
- Back
- Configuration
- CLI Tool
- SSO
- Back
- How To ...
- Troubleshooting
- Error Codes and Their Meanings
- Solutions for Known Issues
- RPID Hash invalid - Does not match policy
- Json could not be parsed : Policy requires counter
- Json could not be parsed : Invalid 'request type'
- mysql binary does not exist or cannot be executed
- Remote server does not listen for requests on [localhost:4848]
- CORS Missing Allow Origin or ERR_CERT_AUTHORITY_INVALID
- This security key doesn't look familiar. Please try a different one.
- JWT CIP 192.168.x.xx does not match: [localhost]]]
- Certificate not found in truststore while Authentication in StrongKey Discover
- Back
- Back
- Developer
- Sample Applications
- SKFS API
- REST API
- SOAP API
- API Security
- FIDO2-enabling a Web Application
- Back
- Build SKFS from source
- Tutorial
- Discoverable Credentials
- Back
- Demos
- MFA Implementations
Cross Origin can be enabled or disabled for any policy through this system Option. If you enable crossOrigin, it allows the server to authenticate a user from any one of the allowed origins from the list provided in the "allowedOrigins."
For instance, when a user registers with a RP with an ID of "example.com," an authenticator registered on example.com can only authenticate on rpid with same domain as "example.com." However, if you enable crossOrigin and provide "login.com" as one of the allowed Origins, then a user registered on example.com can also authenticate when he logins through "login.com" domain.
"crossOrigin" : {
"enabled": true | false,
"allowedOrigins": []
}
Copyright (c) 2001-2024 StrongAuth, Inc. (dba StrongKey) All Rights Reserved