Product Documentation
- Release Notes
- Introduction
- Installation
- Administration
- Operations
- Security
- Operating System
- Policy
- SKFS Policy Module (PM)
- JSON Schema
- Minimal (Any Hardware Authenticator)
- Moderate (Specific Authenticators)
- Strict (All Biometric Devices)
- Strict (Android SafetyNet)
- Restricted (TPM)
- Restricted (Android)
- Restricted (Apple PassKey)
- Restricted (FIPS)
- MetaDataService (MDS)
- FIDO Policy Options
- Back
- Back
- Configuration
- CLI Tool
- SSO
- Back
- How To ...
- Add an Additional Server to the SKFS Cluster
- Create and add new alias
- Debug Replication Issues
- Manage FIDO Metadata Service (MDS)
- Manage Keystores or Certificates
- Manage SKFS Policy
- Manage SKFS Configuration
- Perform SKFS Operations
- Replace a Server in the SKFS Cluster
- Back
- Troubleshooting
- Standalone Node Troubleshooting Guide
- Clustered Node Troubleshooting Guide
- Error Codes and Their Meanings
- Solutions for Known Issues
- Certificate not found in truststore while Authentication in Discover
- CORS Missing Allow Origin or ERR_CERT_AUTHORITY_INVALID
- Json could not be parsed : Invalid 'request type'
- Json could not be parsed : Policy requires counter
- JWT CIP 192.168.x.xx does not match: [localhost]]]
- mysql binary does not exist or cannot be executed
- Remote server does not listen for requests on [localhost:4848]
- RPID Hash invalid - Does not match policy
- This security key doesn't look familiar. Please try a different one.
- Back
- Back
- Developer
- Sample Applications
- SKFS API
- REST API
- SOAP API
- API Security
- FIDO2-enabling a Web Application
- Back
- Build SKFS from source
- Tutorial
- Discoverable Credentials
- Back
- Demos
- MFA Implementations
When excludeCredentials is enabled, a list of credential identifying information of previously generated credentials is sent to the Authenticators during registration. The Authenticator will check if any of these credentials were generated independently; and if not, reject the operation. This avoids having an Authenticator needlessly create another credential for the same account and RP. A user with multiple credentials for the same account does not add any more functionality than having a signed credential; the user will use their username and Authenticator to authenticate themselves in the same fashion with a single credential associated with their account.
- enabled: Sends a list of information of credentials to avoid duplicate credential creation.
- disabled: Sends a list of information of credentials; potential for duplicate credential creation.
Copyright (c) 2001-2024 StrongAuth, Inc. (dba StrongKey) All Rights Reserved