Product Documentation

The administrative FIDO user performs various operations using skfsadminclient, such as pinging SKFS, policy management (get, create, patch, delete), configuration settings (get, update, delete), retrieving multiple users' keys simultaneously, and updating usernames.

  1. Open a terminal window.

  2. Change to the directory that contains skfsadminclient.jar.

    shell> cd /usr/local/strongkey/skfsclient

  3. Run the client with no arguments to view its usage:

    shell> java -jar skfsadminclient.jar

    Output

    $ example:~/skfsclient> java -jar skfsadminclient.jar 

    Copyright (c) 2001-2025 StrongAuth, Inc. All rights reserved.

    Command: P (ping) | CP (createpolicy) | UP (updatepolicy) | DP (deletepolicy) | GP (getpolicy)
    | GC (getconfiguration) | UC (updateconfiguration) | DC (deleteconfiguration)
    | UU (updateusername) | GUK (getuserkeys) | AR (addrororigins) | GR (getrororigins) | UR (updaterororigins) | UDR (updatedisableror)
    | ADT (adddaltarget) | GDT (getdaltarget) | UDT (updatedaltarget) | UDTD (upddatedisabledaltarget)
    | ADFP (adddalx509certificatefingerprints) | UDFP (updatedalx509certificatefingerprints) | UDFPD (updatex509fingerprintanddisable)
    java -jar skfsadminclient.jar P <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword>
    java -jar skfsadminclient.jar GP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <metadataonly> <prettyprint>
    java -jar skfsadminclient.jar CP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <notes> <policy>
    java -jar skfsadminclient.jar UP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <sid> <pid> <notes> <policy>
    java -jar skfsadminclient.jar DP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <sid> <pid>
    java -jar skfsadminclient.jar GC <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword>
    java -jar skfsadminclient.jar UC <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <configkey> <configvalue> [<notes>]
    java -jar skfsadminclient.jar DC <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <configkey>
    java -jar skfsadminclient.jar UU <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <oldusername> <newusername>
    java -jar skfsadminclient.jar GUK <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <usernames>

    java -jar skfsadminclient.jar AR <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <weborigin(s)>
    java -jar skfsadminclient.jar GR <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword>
    java -jar skfsadminclient.jar UR <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <ogid(s)> <status>
    java -jar skfsadminclient.jar UDR <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <ogid(s)> <status>
    java -jar skfsadminclient.jar ADT <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <namespace> <packageName> <x509cert1>:<sha256fp1>,<x509cert2>:<sha256fp2>...
    java -jar skfsadminclient.jar GDT <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword>
    java -jar skfsadminclient.jar UDT <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <tid(s)> <status>
    java -jar skfsadminclient.jar UDTD <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <tid(s)> <status>
    java -jar skfsadminclient.jar ADFP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <tid> <x509cert1>:<sha256fp1>,<x509cert2>:<sha256fp2>...
    java -jar skfsadminclient.jar UDFP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <tid> <sha256fp(s)> <status>
    java -jar skfsadminclient.jar UDFPD <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <tid> <sha256fp(s)> <status> >

 

Here is a brief description of each argument used with skfsclient:

| Value | Explanation |
|---|---|
| did | Unique domain identifier that belongs to SKCE |
| hostport | Host and port to access the FIDO SOAP and REST formats: `http://<FQDN>:<non-ssl-portnumber>` or `https://<FQDN>:<ssl-portnumber>`. Example: https://fidodemo.strongauth.com:8181 |
| wsprotocol | Web socket protocol: [ REST \| SOAP ] |
| authtype | Authentication type: [ PASSWORD ] |
| svcusername | Username used for PASSWORD-based authorization. |
| svcpassword | Password used for PASSWORD-based authorization. |
| username | Username for registration, authentication, or getting keys info |
| oldusername | The current username associated with the FIDO credentials. |
| newusername | New username to replace the oldusername for all associated FIDO credentials. |
| notes | Optional notes to store with the policy or configuration. |
| policy | A JSON object defining the SKFS FIDO policy. |
| sid | Server ID: Policy identifier returned by creating a policy. |
| pid | Policy ID: Policy identifier returned by creating a policy. |
| metadataonly | Boolean. If true, returns only the metadata of the policy. If false, returns the metadata + the policy JSON. |
| prettyprint | Boolean. If true, prints a pretty version of the returned policy. |
| configkey | Configuration identifier of server setting. |
| configvalue | Value connected to configuration identifier. |
| webOrigins | Value for allowed ROR web origin |
| ogid | Unique ID that was assigned to the related web origin when it was generated |
| namespace | DAL namespace identifier for the app |
| packageName | DAL packagename identifier for the app |
| sha256fp | DAL sha256_cert_fingerprint for the app |
| x509cert | DAL x509Cert for the app |
| status | String values of Active or Inactive |

The current defaults for PASSWORD-based authentication are as follows:

 

PASSWORD

  • svcusername = fidoadminuser
  • svcpassword = Abcd1234!
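
A pre-flight check built from the argument table and defaults above, as an added example (not part of the StrongKey documentation or client). The function names and the SKFS_USER / SKFS_PASS environment variables are assumptions; the jar path, allowed values and default password are the ones listed on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for the connection arguments that every
# skfsadminclient command takes. Function names are hypothetical, not SKFS's.

SKFS_JAR=/usr/local/strongkey/skfsclient/skfsadminclient.jar  # path from step 2

# Prints one line per problem; returns 0 only when no problem was found.
skfs_check_args() {
    hostport=$1; did=$2; wsprotocol=$3; authtype=$4; svcuser=$5; svcpass=$6
    rc=0
    case $hostport in
        https://*) ;;
        http://*)  echo "hostport: http is not protected by TLS; use https"; rc=1 ;;
        *)         echo "hostport: expected http(s)://<FQDN>:<port>"; rc=1 ;;
    esac
    port=${hostport##*:}
    case $port in
        ''|*[!0-9]*) echo "hostport: missing or non-numeric port"; rc=1 ;;
    esac
    [ -n "$did" ] || { echo "did: empty"; rc=1; }
    case $wsprotocol in
        REST|SOAP) ;;
        *) echo "wsprotocol: must be REST or SOAP"; rc=1 ;;
    esac
    [ "$authtype" = PASSWORD ] || { echo "authtype: must be PASSWORD"; rc=1; }
    [ -n "$svcuser" ] || { echo "svcusername: empty"; rc=1; }
    # The documented default password should not survive into a deployment.
    if [ "$svcpass" = 'Abcd1234!' ]; then
        echo "svcpassword: documented default is still in use"; rc=1
    fi
    return $rc
}

# Ping (P) only after the checks pass. Credentials come from the environment
# (SKFS_USER / SKFS_PASS, assumed names) instead of being typed into history;
# they still appear in the java process's argument list while it runs.
skfs_ping() {
    skfs_check_args "$1" "$2" "$3" PASSWORD "$SKFS_USER" "$SKFS_PASS" || return 1
    java -jar "$SKFS_JAR" P "$1" "$2" "$3" PASSWORD "$SKFS_USER" "$SKFS_PASS"
}
```

Call it as `skfs_ping <hostport> <did> <wsprotocol>` after exporting the two variables; a non-zero return with messages on stdout means the client was never started.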