Product Documentation

Very secure policy:

  • Requires user verification: Biometrics, PIN or Pattern
  • Requires restricted algorithms: elliptic-curve signatures only (ECDSA, plus EdDSA in the example below); RSA is set to "none"
  • Cannot use NONE or SELF attestation (see the "attestation" section below: conveyance "direct"; formats "packed", "tpm", "android-key")

To learn more, see the FIDO Policy definitions.

{
    "FidoPolicy": {
        "name": "SecureSKFSPolicy-AllBiometricDevices",
        "copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
        "version": "2.0",
        "startDate": "1745341841",
        "endDate": "1760103870871",
        "system": {
            "did": 3,
            "requireCounter": "mandatory",
            "integritySignatures": true,
            "userVerification": [
                "required"
            ],
            "userPresenceTimeout": 30,
            "allowedAaguids": [
                "all"
            ],
            "transport": [
                "usb",
                "internal"
            ]
        },
        "subdomains": {
            "enabled": false,
            "allowedSubdomains": [
            ]
        },
        "relatedOriginRequests": {
            "enabled": false
        },
        "digitalAssetLinks": {
            "enabled": false
        },
        "algorithms": {
            "curves": [
                "secp256r1",
                "secp384r1",
                "secp521r1",
                "curve25519"
            ],
            "rsa": [
                "none"
            ],
            "signatures": [
                "ES256",
                "ES384",
                "ES512",
                "EdDSA",
                "ES256K"
            ]
        },
        "attestation": {
            "conveyance": [
                "direct"
            ],
            "formats": [
                "packed",
                "tpm",
                "android-key"
            ]
        },
        "registration": {
            "displayName": "required",
            "attachment": [
                "platform",
                "cross-platform"
            ],
            "discoverableCredential": [
                "required"
            ],
            "excludeCredentials": "enabled"
        },
        "authentication": {
            "allowCredentials": "enabled"
        },
        "authorization": {
            "maxdataLength": 256,
            "preserve": true
        },
        "rp": {
            "id": "strongkey.com",
            "name": "FIDOServer"
        },
        "extensions": {
        },
        "mds": {
            "authenticatorStatusReport": [
                {
                    "status": "FIDO_CERTIFIED_L1",
                    "priority": "1",
                    "decision": "IGNORE"
                },
                {
                    "status": "FIDO_CERTIFIED_L2",
                    "priority": "1",
                    "decision": "ACCEPT"
                },
                {
                    "status": "UPDATE_AVAILABLE",
                    "priority": "5",
                    "decision": "IGNORE"
                },
                {
                    "status": "REVOKED",
                    "priority": "10",
                    "decision": "DENY"
                }
            ]
        },
        "jwt": {
            "algorithms": [
                "ES256",
                "ES384",
                "ES521"
            ],
            "duration": 30,
            "required": [
                "rpid",
                "iat",
                "exp",
                "cip",
                "uname",
                "agent"
            ]
        },
        "signcerts": {
            "rootca": {
                "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 3,O=StrongKey",
                "serialnumber": "-2520882455388979468",
                "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
                "jwtcerts": {
                    "default": [
                        {
                            "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 3,O=StrongKey",
                            "serialnumber": "3988031929163341919",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 3,O=StrongKey",
                            "serialnumber": "-7080878014219662002",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 3,O=StrongKey",
                            "serialnumber": "8786171287412588662",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        }
                    ]
                },
                "samlcerts": {
                    "default": [
                        {
                            "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 3,O=StrongKey",
                            "serialnumber": "-2729408790372017064",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 3,O=StrongKey",
                            "serialnumber": "4438459775905697692",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 3,O=StrongKey",
                            "serialnumber": "7024711178314607901",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIYXzJmSEobR0wCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMzElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNTA0MjIxNzA1NDJaFw0yNjA0MjIxNzA1NDJaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDMxGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5jm6ZorEw7zOmBZLvw/OBAbhStR0YC3kTdDpJCXGwkcu7GciEKz15eUBSVUiJdiwTDVGI5SwdtSQ/zh0HLgZcP+GnqQOYF/C6n8vOUFI2hDFYUfdcxnCBA1G0dA8t9vI87U8so/1QogT/2C3OvTr8KLE3Z4dYly4jBtgNxYmCFqIFoJAoDUqlnn7DcZo6XVsaPSS+NebcpBufaQ+F2Ip3kIPcDkcNlmqAY/ZVd0i2DryanQ3n5mugRLqF0HUolx4OAfDduqlRUxExv3Q2vtCidrHiP00ZBOTgWgwWQblKehl+VOmKxKQ+E+RenZWx0HH9OO83AQUGssQkucfqhr30CAwEAAaNSMFAwHQYDVR0OBBYEFALset2HWat5j/7U6rC2y7Qal2ueMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBQjnG2QPQa4doMHSl6HSZOD3CDjnTAKBggqhkjOPQQDBAOBjAAwgYgCQgE45al3M3eP9+F3bXgMl+lUSQknVDHE9BAo68RDhdFYmCOlFSu3uAMsmG2Y0I1HsQfKqEe0MLnGy2oJdW7lipXdXwJCAQhbBZxvThCF5W7gmvhMLheSoI14Pjml8lAw0OtCfagH2USXXq1oGCw80K9Lg0emvxDbdI4wmH6088DmvON22VZZ-----END CERTIFICATE-----"
                        }
                    ],
                    "citrixidp": {
                        "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 3,O=StrongKey",
                        "serialnumber": "-2729408790372017064",
                        "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                    }
                }
            }
        }
    }
}

 

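To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. When adapting the example above, check the schema for the expected epoch unit of "startDate" and "endDate": the sample values have 10 and 13 digits respectively, which suggests one is in seconds and the other in milliseconds.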