Product Documentation

Creates a new policy. The command returns a sid-pid pair that can be used to reference this policy.

Syntax

java -jar skfsadminclient.jar CP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <notes> <policy>

Values

Value

Explanation

hostport

Host and port to access the FIDO server
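SOAP & REST format: http://<FQDN>:<non-ssl-portnumber> or https://<FQDN>:<ssl-portnumber>. Prefer the https form: with http, the service credentials and the policy are sent to the server without transport encryption.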
example : https://fidodemo.strongauth.com:8181

did

Unique domain identifier that belongs to SKCE

wsprotocol

Web service protocol; REST | SOAP

authtype

Authentication type; PASSWORD

svcusername

Username used for PASSWORD-based authentication

svcpassword

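Password used for PASSWORD-based authentication. Because it is supplied as a command-line argument, it can be recorded in shell history and is visible in the process list while the command runs.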

sid

Integer value specifying the server ID. It is part of the sid-pid pair returned by this command and is not an argument to CP.

pid

Integer value specifying the policy ID. It is part of the sid-pid pair returned by this command and is not an argument to CP.

notes

Optional notes to store with the policy or configuration.

policy

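A JSON object defining the FIDO2 policy. Note: the policy JSON is minified so that it can be passed easily as a single argument in the terminal; the example under Output shows it expanded across multiple lines inside single quotes.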

Output

$ example:~/skfsclient> java -jar skfsadminclient.jar CP https://example.strongkey.com:8181 1 REST PASSWORD fidoadminuser Abcd1234! "" '{
    "FidoPolicy": {
        "name": "MinimalPolicy",
        "copyright": "",
        "version": "1.0",
        "startDate": "1695665588",
        "endDate": "1760103870871",
        "system": {
            "did": 1,
            "requireCounter": "optional",
            "integritySignatures": false,
            "userVerification": [
                "required",
                "preferred",
                "discouraged"
            ],
            "userPresenceTimeout": 0,
            "allowedAaguids": [
                "all"
            ],
            "transport": [
                "usb",
                "internal"
            ]
        },
        "crossOrigin": {
            "enabled": false,
            "allowedOrigins": [
            ]
        },
        "algorithms": {
            "curves": [
                "secp256r1",
                "secp384r1",
                "secp521r1",
                "curve25519"
            ],
            "rsa": [
                "RS256",
                "RS384",
                "RS512",
                "PS256",
                "PS384",
                "PS512"
            ],
            "signatures": [
                "ES256",
                "ES384",
                "ES512",
                "EdDSA",
                "ES256K"
            ]
        },
        "attestation": {
            "conveyance": [
                "none",
                "indirect",
                "direct",
                "enterprise"
            ],
            "formats": [
                "fido-u2f",
                "packed",
                "tpm",
                "android-key",
                "android-safetynet",
                "apple",
                "none"
            ]
        },
        "registration": {
            "displayName": "required",
            "attachment": [
                "platform",
                "cross-platform"
            ],
            "discoverableCredential": [
                "required",
                "preferred",
                "discouraged"
            ],
            "excludeCredentials": "enabled"
        },
        "authentication": {
            "allowCredentials": "enabled"
        },
        "authorization": {
            "maxdataLength": 256,
            "preserve": true
        },
        "rp": {
            "id": "strongkey.com",
            "name": "FIDOServer"
        },
        "extensions": {
        },
        "mds": {
            "authenticatorStatusReport": [
                {
                    "status": "FIDO_CERTIFIED_L1",
                    "priority": "1",
                    "decision": "IGNORE"
                },
                {
                    "status": "FIDO_CERTIFIED_L2",
                    "priority": "1",
                    "decision": "ACCEPT"
                },
                {
                    "status": "UPDATE_AVAILABLE",
                    "priority": "5",
                    "decision": "IGNORE"
                },
                {
                    "status": "REVOKED",
                    "priority": "10",
                    "decision": "DENY"
                }
            ]
        },
        "jwt": {
            "algorithms": [
                "ES256",
                "ES384",
                "ES521"
            ],
            "duration": 30,
            "required": [
                "rpid",
                "iat",
                "exp",
                "cip",
                "uname",
                "agent"
            ]
        },
       "signcerts": {
          "rootca": {
              "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey",
              "serialnumber": "1445945143",
              "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
              "jwtcerts": {
                 "default": [
                  {
                    "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey",
                    "serialnumber": "374680927",
                    "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                  },
                  {
                    "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey",
                    "serialnumber": "1110263917",
                    "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                  },
                  {
                    "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey",
                    "serialnumber": "1228535437",
                    "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                  }]
               },
               "samlcerts": {
                   "default": [
                   {
                     "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey",
                     "serialnumber": "1194838982",
                     "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                   },
                   {
                     "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey",
                     "serialnumber": "1412791270",
                     "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                   },
                   {
                     "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey",
                     "serialnumber": "1682332098",
                     "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                   }],
                   "citrixidp": {
                        "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey",
                        "serialnumber": "1194838982",
                        "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                    }
               }
          }
       }  
    }
}'

Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.

REST Create Policy with PASSWORD
*******************************

Calling create policy @ https://example.strongkey.com:8181/skfs/rest/addpolicy
 Response : {"Response":"1-1","responseCode":"FIDO-MSG-0063","skfsVersion":"4.14.0","skfsFQDN":"example.strongkey.com","TXID":"1-1-166-1731005487073"}

Create Policy complete.
******************************************

Done with Create Policy!