The administrative FIDO user performs various operations using skfsadminclient, such as pinging the skfs, policy management (get, create, patch, delete), configuration settings (get, update, delete), retrieving multiple users' keys simultaneously, and updating usernames.
-
Open a terminal window.
-
Change directory where skfsadminclient.jar is present.
shell> cd /usr/local/strongkey/skfsclient - Execute sample client to view usage by using the following command:
shell> java -jar skfsadminclient.jarOutput
$ example:~/skfsclient> java -jar skfsadminclient.jar
Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.
Command: P (ping) | CP (createpolicy) | UP (updatepolicy) | DP (deletepolicy) | GP (getpolicy)
| GC (getconfiguration) | UC (updateconfiguration) | DC (deleteconfiguration)
| UU (updateusername) | GUK (getuserkeys)
java -jar skfsadminclient.jar P <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword>
java -jar skfsadminclient.jar GP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <metadataonly> <prettyprint>
java -jar skfsadminclient.jar CP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <notes> <policy>
java -jar skfsadminclient.jar UP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <sid> <pid> <notes> <policy>
java -jar skfsadminclient.jar DP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <sid> <pid>
java -jar skfsadminclient.jar GC <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword>
java -jar skfsadminclient.jar UC <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <configkey> <configvalue> [<notes>]
java -jar skfsadminclient.jar DC <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <configkey>
java -jar skfsadminclient.jar UU <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <oldusername> <newusername>
java -jar skfsadminclient.jar GUK <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <usernames>
Here is a brief description of each argument used with skfsclient:
|
Value |
Explanation |
|---|---|
|
did |
Unique domain identifier that belongs to SKCE |
|
hostport |
Host and port to access the FIDO SOAP and REST formats: http://<FQDN>:<non-ssl-portnumber> or https://<FQDN>:<ssl-portnumber> Example: https://fidodemo.strongauth.com:8181 |
|
wsprotocol |
Web socket protocol: [ REST | SOAP ] |
|
authtype |
Authentication type: [ PASSWORD ] |
|
svcusername |
Username used for PASSWORD-based authorization. |
|
svcpassword |
Password used for PASSWORD-based authorization. |
|
username |
Username for registration, authentication, or getting keys info |
|
oldusername |
The current username associated with the FIDO credentials. |
|
newusername |
New username to replace the oldusername for all associated FIDO credentials. |
|
notes |
Optional notes to store with the policy or configuration. |
|
policy |
A JSON object defining the SKFS FIDO policy. |
|
sid |
Server ID: Policy identifier returned by creating a policy. |
|
pid |
Policy ID: Policy identifier returned by creating a policy. |
|
metadataonly |
Boolean. If true, returns only the metadata of the policy. If false, returns the metadata + the policy JSON. |
|
prettyprint |
Boolean. If true, prints a pretty version of the returned policy. |
|
configkey |
Configuration identifier of server setting. |
|
configvalue |
Value connected to configuration identifier. |
The current defaults for PASSWORD-based authentication are as follows:
PASSWORD
- svcusername = fidoadminuser
- svcpassword = Abcd1234!