java -jar skfsadminclient.jar GC <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ]
| Value | Explanation |
|---|---|
| hostport | Host and port to access the FIDO server |
| did | Unique domain identifier that belongs to SKCE |
| wsprotocol | Web service protocol; REST \| SOAP |
| authtype | Authentication type; HMAC \| PASSWORD |
| accesskey | Access key for use in identifying a secret key |
| secretkey | Secret key for HMACing a request |
| svcusername | Username used for PASSWORD-based authorization |
| svcpassword | Password used for PASSWORD-based authorization |
$ example:~/skfsclient> java -jar skfsadminclient.jar GC https://example.strongkey.com:8181 1 REST PASSWORD fidoadminuser Abcd1234!
Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.
REST Get Configuration with PASSWORD
******************************************
{"svcinfo":{"did":1,"protocol":"FIDO2_0","authtype":"PASSWORD","svcusername":"fidoadminuser","svcpassword":"Abcd1234!"},"payload":{}}
Calling getconfiguration @ https://example.strongkey.com:8181/skfs/rest/getconfiguration
Get Configuration complete.
******************************************
GetConfiguration response :
{
"Response": {
"appliance": [
{
"configkey": "appl.cfg.property.service.ce.ldap.ldaptype",
"configvalue": "LDAP",
"hint": "Property that identifies what type of LDAP will be used for authenticating service credentials for the domain. Acceptable values : LDAP | AD. Default value: LDAP "
}
],
"ldap": [
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapadmingroup",
"configvalue": "cn=AdminAuthorized",
"hint": "Property that identifies the Common Name (CN) for the Administrator group in LDAP/AD. Default value : cn=AdminAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapcloudmovegroup",
"configvalue": "cn=CloudMoveAuthorized",
"hint": "Property that identifies the Common Name (CN) for the file move authorized group in LDAP/AD. This property is only used by the file encryption module. Default value : cn=CloudMoveAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapdecryptiongroup",
"configvalue": "cn=DecryptionAuthorized",
"hint": "Property that identifies the Common Name (CN) for the file decryption authorized group in LDAP/AD. This property is only used by the file encryption module. Default value : cn=DecryptionAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapdnprefix",
"configvalue": "cn=",
"hint": "Property that identifies the Distinguished name (DN) prefix to be used for service credentials. Default value : cn="
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapdnsuffix",
"configvalue": ",ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com",
"hint": "Property that identifies the user suffix to be appended to the user dn. Default value : ,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapencryptiongroup",
"configvalue": "cn=EncryptionAuthorized",
"hint": "Property that identifies the Common Name (CN) for the file encryption authorized group in LDAP/AD. This property is only used by the file encryption module. Default value : cn=EncryptionAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapfidoadmingroup",
"configvalue": "cn=FidoAdministrationService-AuthorizedServiceCredentials",
"hint": "Property that identifies the Common Name (CN) for the FIDO admin authorized group in LDAP/AD. This property is only used by the FIDO server to perform admin (policy and configurations) operations. Default value : cn=FidoAdminAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapfidoauthzgroup",
"configvalue": "cn=FidoAuthorizationService-AuthorizedServiceCredentials",
"hint": "Property that identifies the Common Name (CN) for the FIDO authorizations authorized group in LDAP/AD. This property is only used by the FIDO server to perform pre-authorize and authorize operations. Default value : cn=FidoAuthzAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapfidogroup",
"configvalue": "cn=FidoCredentialService-AuthorizedServiceCredentials",
"hint": "Property that identifies the Common Name (CN) for the FIDO authorized group in LDAP/AD. This property is only used by the FIDO server to perform patch and delete operations. Default value : cn=FidoAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapfidoreggroup",
"configvalue": "cn=FidoRegistrationService-AuthorizedServiceCredentials",
"hint": "Property that identifies the Common Name (CN) for the FIDO registration authorized group in LDAP/AD. This property is only used by the FIDO server to perform pre-register and register operations. Default value : cn=FidoRegAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapfidosigngroup",
"configvalue": "cn=FidoAuthenticationService-AuthorizedServiceCredentials",
"hint": "Property that identifies the Common Name (CN) for the FIDO assertion authorized group in LDAP/AD. This property is only used by the FIDO server to perform pre-authenticate and authenticate operations. Default value : cn=FidoSignAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapgroupsuffix",
"configvalue": ",ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com",
"hint": "Property that identifies the groups suffix to be appended to the group dn. Default value : ,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldaploadgroup",
"configvalue": "cn=LoadAuthorized",
"hint": "Property that identifies the Common Name (CN) for the Key Load authorized group in LDAP/AD. This property is only used by the signing module. Default value : cn=LoadAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapremovegroup",
"configvalue": "cn=RemoveAuthorized",
"hint": "Property that identifies the Common Name (CN) for the Key remove authorized group in LDAP/AD. This property is only used by the signing module. Default value : cn=RemoveAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapservicegroup",
"configvalue": "cn=Services",
"hint": "Property that identifies the Common Name (CN) for the Services group in LDAP/AD. Default value : cn=Services"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapsigngroup",
"configvalue": "cn=SignAuthorized",
"hint": "Property that identifies the Common Name (CN) for the Sign authorized group in LDAP/AD. This property is only used by the signing module. Default value : cn=SignAuthorized"
},
{
"configkey": "ldape.cfg.property.service.ce.ldap.ldapurl",
"configvalue": "ldap://localhost:389",
"hint": "Property that identifies the LDAP/AD url for the authentication/athorization of service credentials. DEfault value : ldap://localhost:1389"
}
],
"skfs": [
{
"configkey": "skfs.cfg.property.allow.changeusername",
"configvalue": "false",
"hint": "Property that identifies if username change should be allowed or not. Accepted Values : TRUE | FALSE. Default value : FALSE"
},
{
"configkey": "skfs.cfg.property.fido2.user.sendfakeKH",
"configvalue": "false",
"hint": "Property that identifies if fake keyhandles should be sent back to the calling application when they request preauthentication for unregistered users. Accepted Values : TRUE | FALSE. Default value : FALSE"
},
{
"configkey": "skfs.cfg.property.saml.assertion.duration",
"configvalue": "15",
"hint": "Property to determine amount of time a saml assertion will be active (in minutes)"
},
{
"configkey": "skfs.cfg.property.saml.certsperserver",
"configvalue": "3",
"hint": "Property to determine number of certs within each clustered server"
},
{
"configkey": "skfs.cfg.property.saml.citrix",
"configvalue": "true",
"hint": "Property to determine whether the SKFS is communicating with Citrix ADC as an SP for SAML authentication"
},
{
"configkey": "skfs.cfg.property.saml.citrix.signingalias",
"configvalue": "samlsigning-1-1-1",
"hint": "Property to determine the alias of the key within the keystore to be used for signing"
},
{
"configkey": "skfs.cfg.property.saml.digest.type",
"configvalue": "sha256",
"hint": "Property to determine what algorithm will be used for the digest"
},
{
"configkey": "skfs.cfg.property.saml.keystore.password",
"configvalue": "Abcd12341!",
"hint": "Property to determine password of saml keystore"
},
{
"configkey": "skfs.cfg.property.saml.keystore.rsa",
"configvalue": "/usr/local/strongkey/skfs/keystores/ssosigningkeystore.bcfks",
"hint": "Property to determine location of saml keystore"
},
{
"configkey": "skfs.cfg.property.saml.response",
"configvalue": "true",
"hint": "Property to determine if authentication web service should return a SAML Assertion"
},
{
"configkey": "skfs.cfg.property.saml.signature.type",
"configvalue": "rsa",
"hint": "Property to determine what algorithm will be used for the SAML signature"
},
{
"configkey": "skfs.cfg.property.saml.timezone",
"configvalue": "UTC",
"hint": "Property to determine time zone code used for the returned saml response (case sensitive)"
},
{
"configkey": "skfs.cfg.property.saml.truststore.password",
"configvalue": "Abcd1234!",
"hint": "Property to determine password of saml truststore"
},
{
"configkey": "skfs.cfg.property.saml.truststore.rsa",
"configvalue": "/usr/local/strongkey/skfs/keystores/ssosigningtruststore.bcfks",
"hint": "Property to determine location of saml truststore"
}
]
},
"responseCode": "FIDO-MSG-0073",
"skfsVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-171-1695851612776"
}
Done with Get Configuration!
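
The session above echoes `svcpassword` in the request and returns the SAML keystore and truststore passwords in clear text, so captured output needs scrubbing before it goes into a ticket or log. The following is an added example, not StrongKey code: a Python filter that masks those values in the client's stdout. The `secretkey` field name and the "password" substring rule are assumptions, and the sample input is constructed.

```python
import json

MASK = "********"
# "svcpassword" appears in the request echo above; "secretkey" is assumed from the usage line.
SECRET_FIELDS = {"svcpassword", "secretkey"}
SECRET_KEY_HINT = "password"  # configkey substring treated as secret-bearing (assumption)

def _scrub(node):
    """Mask secret values inside a decoded JSON value, in place; return how many were masked."""
    count = 0
    if isinstance(node, dict):
        secret_cfg = SECRET_KEY_HINT in str(node.get("configkey", "")).lower()
        for key, value in node.items():
            if key.lower() in SECRET_FIELDS or (secret_cfg and key == "configvalue"):
                node[key] = MASK
                count += 1
            else:
                count += _scrub(value)
    elif isinstance(node, list):
        count += sum(_scrub(item) for item in node)
    return count

def redact_output(text):
    """Redact every JSON object embedded in the client's stdout; return (clean_text, masked_count)."""
    decoder, out, pos, total = json.JSONDecoder(), [], 0, 0
    while (start := text.find("{", pos)) != -1:
        try:
            obj, end = decoder.raw_decode(text, start)
        except json.JSONDecodeError:
            out.append(text[pos:start + 1])  # stray brace: copy through and keep scanning
            pos = start + 1
            continue
        total += _scrub(obj)
        out += [text[pos:start], json.dumps(obj, indent=2)]
        pos = end
    out.append(text[pos:])
    return "".join(out), total

# Constructed sample shaped like the session above; all values are placeholders.
SAMPLE = """REST Get Configuration with PASSWORD
{"svcinfo":{"did":1,"authtype":"PASSWORD","svcusername":"svc-example","svcpassword":"constructed-pw"},"payload":{}}
GetConfiguration response :
{"Response": {"skfs": [{"configkey": "skfs.cfg.property.saml.keystore.password", "configvalue": "constructed-ks-pw"},
  {"configkey": "skfs.cfg.property.saml.digest.type", "configvalue": "sha256"}]}, "responseCode": "FIDO-MSG-0073"}
Done with Get Configuration!
"""

if __name__ == "__main__":
    print(redact_output(SAMPLE)[0])
```

JSON that fails to parse (for example, truncated output) is passed through unmasked, so a pipeline using this filter should treat a masked count of 0 on a GC capture as a reason to withhold the text.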