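Very secure policy: this example requires user verification and discoverable credentials, accepts only direct attestation in the packed, tpm and android-key formats, lists no RSA algorithms, disables cross-origin requests, and denies authenticators whose MDS status is REVOKED.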
Please follow this link to learn more about the FIDO Policy definitions.
{
"FidoPolicy": {
"name": "SecureSKFSPolicy-AllBiometricDevices",
"copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
"version": "2.0",
"startDate": "1695937015",
"endDate": "1760103870871",
"system": {
"did": 3,
"requireCounter": "mandatory",
"integritySignatures": true,
"userVerification": ["required"],
"userPresenceTimeout": 30,
"allowedAaguids": ["all"],
"transport": ["usb", "internal"]
},
"crossOrigin": {
"enabled": false,
"allowedOrigins": []
},
"algorithms": {
"curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
"rsa": ["none"],
"signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
},
"attestation": {
"conveyance": ["direct"],
"formats": ["packed", "tpm", "android-key"]
},
"registration": {
"displayName": "required",
"attachment": ["platform", "cross-platform"],
"discoverableCredential": ["required"],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "strongkey.com",
"name": "FIDOServer"
},
"extensions": {},
"mds": {
"authenticatorStatusReport": [{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
}, {
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
}, {
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
}, {
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}]
},
"jwt": {
"algorithms": ["ES256", "ES384", "ES521"],
"duration": 30,
"required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 3,O=StrongKey",
"serialnumber": "1358605454",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
"jwtcerts": {
"default": [{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 3,O=StrongKey",
"serialnumber": "487877767",
"pemcert": "-----BEGIN CERTIFICATE-----MIICCDCCAWegAwIBAgIEHRRshzAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDMxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTg1NjEzWhcNMjQwOTI1MTg1NjEzWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAzMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHBVjmSMmjbGQkkfLqXb5xf5Lh02iFbfOKsgh6N0iO7jsh58V6bNAcvjxQWmldnlkaaDEeM7cudhXczOwqB5bTOjQjBAMB0GA1UdDgQWBBTEMWX5p2kfqkTJk2G9FSpzuB9dITAfBgNVHSMEGDAWgBQ/9Gr8NilIj+05paEZnBgJynjNsDAMBggqhkjOPQQDBAUAA4GMADCBiAJCAXu0eOjVzMtjwAZa1+796VZn46d2mbB99hed/fDM8ssuc92mY0Xh9QjOw4dHQZrpJW+GDtS4s8rj/BMOz11jTPabAkIA32nu0zEzEsBoqswIk5MCyyg+Et1YQf6zAAKkSVcwXsp9oirPml6n9Ssq4MMpbCIOlzYrEy8E9ehmimyJ6oFu60o=-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 3,O=StrongKey",
"serialnumber": "1276914563",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 3,O=StrongKey",
"serialnumber": "957756431",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}]
},
"samlcerts": {
"default": [{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 3,O=StrongKey",
"serialnumber": "1116626490",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 3,O=StrongKey",
"serialnumber": "2082633476",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 3,O=StrongKey",
"serialnumber": "1988541459",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 3,O=StrongKey",
"serialnumber": "1116626490",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
}
}
}
}
}
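To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. When adapting this example, validate it against that schema: startDate has 10 digits while endDate has 13, which suggests mixed seconds and milliseconds, and jwt.algorithms lists ES521 where algorithms.signatures lists ES512.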