Product Documentation

Obtain a comprehensive overview of the administrative settings for the appliance, LDAP, and SKFS. Discover the purpose and significance of each configuration. Also see Mutable Configuration ⇒ LDAP Controls.

Syntax

java -jar skfsadminclient.jar GC <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> 

Values

Value

Explanation

hostport

Host and port to access the FIDO server
SOAP & REST format : http://<FQDN>:<non-ssl-portnumber> or https://<FQDN>:<ssl-portnumber>
example : https://fidodemo.strongauth.com:8181

did

Unique domain identifier that belongs to SKCE

wsprotocol

Web service protocol; REST | SOAP

authtype

Authentication type; PASSWORD

svcusername

Username used for PASSWORD-based authorization

svcpassword

Password used for PASSWORD-based authorization

Output

$ example:~/skfsclient> java -jar skfsadminclient.jar GC https://example.strongkey.com:8181 1 REST PASSWORD fidoadminuser Abcd1234!

Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.

REST Get Configuration with PASSWORD
******************************************
{"svcinfo":{"did":1,"protocol":"FIDO2_0","authtype":"PASSWORD","svcusername":"fidoadminuser","svcpassword":"Abcd1234!"},"payload":{}}

Calling getconfiguration @ https://example.strongkey.com:8181/skfs/rest/getconfiguration

Get Configuration complete.
******************************************
GetConfiguration response : {
    "Response": {
        "appliance": [
            {
                "configkey": "appl.cfg.property.service.ce.ldap.ldaptype",
                "configvalue": "LDAP",
                "hint": "Property that identifies what type of LDAP will be used for authenticating service credentials for the domain. Acceptable values : LDAP | AD. Default value: LDAP  "
            }
        ],
        "ldap": [
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapadmingroup",
                "configvalue": "cn=AdminAuthorized",
                "hint": "Property that identifies the Common Name (CN) for the Administrator group in LDAP/AD. Default value : cn=AdminAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapcloudmovegroup",
                "configvalue": "cn=CloudMoveAuthorized",
                "hint": "Property that identifies the Common Name (CN) for the file move authorized group in LDAP/AD. This property is only used by the file encryption module. Default value : cn=CloudMoveAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapdecryptiongroup",
                "configvalue": "cn=DecryptionAuthorized",
                "hint": "Property that identifies the Common Name (CN) for the file decryption authorized group in LDAP/AD. This property is only used by the file encryption module. Default value : cn=DecryptionAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapdnprefix",
                "configvalue": "cn=",
                "hint": "Property that identifies the Distinguished name (DN) prefix to be used for service credentials. Default value : cn="
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapdnsuffix",
                "configvalue": ",ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com",
                "hint": "Property that identifies the user suffix to be appended to the user dn. Default value : ,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapencryptiongroup",
                "configvalue": "cn=EncryptionAuthorized",
                "hint": "Property that identifies the Common Name (CN) for the file encryption authorized group in LDAP/AD. This property is only used by the file encryption module. Default value : cn=EncryptionAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapfidoadmingroup",
                "configvalue": "cn=FidoAdministrationService-AuthorizedServiceCredentials",
                "hint": "Property that identifies the Common Name (CN) for the FIDO admin authorized group in LDAP/AD. This property is only used by the FIDO server to perform admin (policy and configurations) operations. Default value : cn=FidoAdminAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapfidoauthzgroup",
                "configvalue": "cn=FidoAuthorizationService-AuthorizedServiceCredentials",
                "hint": "Property that identifies the Common Name (CN) for the FIDO authorizations authorized group in LDAP/AD. This property is only used by the FIDO server to perform pre-authorize and authorize operations. Default value : cn=FidoAuthzAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapfidogroup",
                "configvalue": "cn=FidoCredentialService-AuthorizedServiceCredentials",
                "hint": "Property that identifies the Common Name (CN) for the FIDO authorized group in LDAP/AD. This property is only used by the FIDO server to perform patch and delete operations. Default value : cn=FidoAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapfidoreggroup",
                "configvalue": "cn=FidoRegistrationService-AuthorizedServiceCredentials",
                "hint": "Property that identifies the Common Name (CN) for the FIDO registration authorized group in LDAP/AD. This property is only used by the FIDO server to perform pre-register and register operations. Default value : cn=FidoRegAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapfidosigngroup",
                "configvalue": "cn=FidoAuthenticationService-AuthorizedServiceCredentials",
                "hint": "Property that identifies the Common Name (CN) for the FIDO assertion authorized group in LDAP/AD. This property is only used by the FIDO server to perform pre-authenticate and authenticate operations. Default value : cn=FidoSignAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapgroupsuffix",
                "configvalue": ",ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com",
                "hint": "Property that identifies the groups suffix to be appended to the group dn. Default value : ,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldaploadgroup",
                "configvalue": "cn=LoadAuthorized",
                "hint": "Property that identifies the Common Name (CN) for the Key Load authorized group in LDAP/AD. This property is only used by the signing module. Default value : cn=LoadAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapremovegroup",
                "configvalue": "cn=RemoveAuthorized",
                "hint": "Property that identifies the Common Name (CN) for the Key remove authorized group in LDAP/AD. This property is only used by the signing module. Default value : cn=RemoveAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapservicegroup",
                "configvalue": "cn=Services",
                "hint": "Property that identifies the Common Name (CN) for the Services group in LDAP/AD. Default value : cn=Services"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapsigngroup",
                "configvalue": "cn=SignAuthorized",
                "hint": "Property that identifies the Common Name (CN) for the Sign authorized group in LDAP/AD. This property is only used by the signing module. Default value : cn=SignAuthorized"
            },
            {
                "configkey": "ldape.cfg.property.service.ce.ldap.ldapurl",
                "configvalue": "ldap://localhost:389",
                "hint": "Property that identifies the LDAP/AD url for the authentication/athorization of service credentials. DEfault value : ldap://localhost:1389"
            }
        ],
        "skfs": [
            {
                "configkey": "skfs.cfg.property.allow.changeusername",
                "configvalue": "false",
                "hint": "Property that identifies if username change should be allowed or not. Accepted Values : TRUE | FALSE. Default value : FALSE"
            },
            {
                "configkey": "skfs.cfg.property.fido2.user.sendfakeKH",
                "configvalue": "false",
                "hint": "Property that identifies if fake keyhandles should be sent back to the calling application when they request preauthentication for unregistered users. Accepted Values : TRUE | FALSE. Default value : FALSE"
            },
            {
                "configkey": "skfs.cfg.property.saml.assertion.duration",
                "configvalue": "15",
                "hint": "Property to determine amount of time a saml assertion will be active (in minutes)"
            },
            {
                "configkey": "skfs.cfg.property.saml.certsperserver",
                "configvalue": "3",
                "hint": "Property to determine number of certs within each clustered server"
            },
            {
                "configkey": "skfs.cfg.property.saml.citrix",
                "configvalue": "false",
                "hint": "Property to determine whether the SKFS is communicating with Citrix ADC as an SP for SAML authentication"
            },
            {
                "configkey": "skfs.cfg.property.saml.citrix.signingalias",
                "configvalue": "samlsigning-1-1-1",
                "hint": "Property to determine the alias of the key within the keystore to be used for signing"
            },
            {
                "configkey": "skfs.cfg.property.saml.digest.type",
                "configvalue": "sha256",
                "hint": "Property to determine what algorithm will be used for the digest"
            },
            {
                "configkey": "skfs.cfg.property.saml.keystore.password",
                "configvalue": "Abcd1234!",
                "hint": "Property to determine password of saml keystore"
            },
            {
                "configkey": "skfs.cfg.property.saml.keystore.rsa",
                "configvalue": "/usr/local/strongkey/skfs/keystores/ssosigningkeystore.bcfks",
                "hint": "Property to determine location of saml keystore"
            },
            {
                "configkey": "skfs.cfg.property.saml.response",
                "configvalue": "false",
                "hint": "Property to determine if authentication web service should return a SAML Assertion"
            },
            {
                "configkey": "skfs.cfg.property.saml.signature.type",
                "configvalue": "rsa",
                "hint": "Property to determine what algorithm will be used for the SAML signature"
            },
            {
                "configkey": "skfs.cfg.property.saml.timezone",
                "configvalue": "UTC",
                "hint": "Property to determine time zone code used for the returned saml response (case sensitive)"
            },
            {
                "configkey": "skfs.cfg.property.saml.truststore.password",
                "configvalue": "Abcd1234!",
                "hint": "Property to determine password of saml truststore"
            },
            {
                "configkey": "skfs.cfg.property.saml.truststore.rsa",
                "configvalue": "/usr/local/strongkey/skfs/keystores/ssosigningtruststore.bcfks",
                "hint": "Property to determine location of saml truststore"
            }
        ]
    },
    "responseCode": "FIDO-MSG-0073",
    "skfsVersion": "4.14.0",
    "skfsFQDN": "example.strongkey.com",
    "TXID": "1-1-167-1731005806595"
}

Done with Get Configuration!