Product Documentation
Update an existing policy. Policies are specified by their sid and pid.
Syntax
java -jar skfsadminclient.jar UP <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <sid> <pid> <notes> <policy>
Values
|
Value |
Explanation |
|---|---|
|
hostport |
Host and port to access the FIDO server |
|
did |
Unique domain identifier that belongs to SKCE |
|
wsprotocol |
Web service protocol; REST | SOAP |
|
authtype |
Authentication type; HMAC | PASSWORD |
|
accesskey |
Access key for use in identifying a secret key |
|
secretkey |
Secret key for HMACing a request |
|
svcusername |
Username used for PASSWORD-based authorization |
|
svcpassword |
Password used for PASSWORD-based authorization |
|
sid |
Integer value specifying the server ID |
|
pid |
Integer value specifying the policy ID |
|
notes |
Optional notes to store with the policy or configuration. |
|
policy |
A JSON object defining the SKFS FIDO policy. Please Note: The policy JSON is minified to easily pass in as argument in terminal. |
Output
$ example:~/skfsclient> java -jar skfsadminclient.jar UP https://example.strongkey.com:8181 1 REST PASSWORD fidoadminuser Abcd1234! 1 1 "updated policy" '{
"FidoPolicy": {
"name": "UpdatedMinimalPolicy",
"copyright": "",
"version": "1.0",
"startDate": "1717785111",
"endDate": "1760103870871",
"system": {
"did": 1,
"requireCounter": "optional",
"integritySignatures": false,
"userVerification": [
"required",
"preferred",
"discouraged"
],
"userPresenceTimeout": 0,
"allowedAaguids": [
"all"
],
"transport": [
"usb",
"internal"
]
},
"crossOrigin": {
"enabled": false,
"allowedOrigins": [
]
},
"algorithms": {
"curves": [
"secp256r1",
"secp384r1",
"secp521r1",
"curve25519"
],
"rsa": [
"RS256",
"RS384",
"RS512",
"PS256",
"PS384",
"PS384"
],
"signatures": [
"ES256",
"ES384",
"ES512",
"EdDSA",
"ES256K"
]
},
"attestation": {
"conveyance": [
"none",
"indirect",
"direct",
"enterprise"
],
"formats": [
"fido-u2f",
"packed",
"tpm",
"android-key",
"android-safetynet",
"apple",
"none"
]
},
"registration": {
"displayName": "required",
"attachment": [
"platform",
"cross-platform"
],
"discoverableCredential": [
"required",
"preferred",
"discouraged"
],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "strongkey.com",
"name": "FIDOServer"
},
"extensions": {
},
"mds": {
"authenticatorStatusReport": [
{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
},
{
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
},
{
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
},
{
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}
]
},
"jwt": {
"algorithms": [
"ES256",
"ES384",
"ES521"
],
"duration": 30,
"required": [
"rpid",
"iat",
"exp",
"cip",
"uname",
"agent"
]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey",
"serialnumber": "-177581522072826007",
"pemcert": "-----BEGIN CERTIFICATE-----MIICVzCCAbigAwIBAgIJAP2JGovqLQ9pMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjQwNjA3MTgxMjM4WhcNMjUwNjA3MTgxMjM4WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAxovTmZj4rImLF97K87bHTRkD3xuVI9RZ8YTY29990vXci06oBH3rh+aPUDbMiu7IGYBISS9AIFyXGkHQH7mHIjcAfvSbKYcrZ0H0PdTtYH6b0CmSHgE2pSkUuzNv+e41jyHgYh8jPd5tftZ3Snf/Zg76VHJzYK9xVptJxzrG1R688AqjQjBAMB0GA1UdDgQWBBSPxZjD3CXirWm/IaXVTjDl2HiodzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBjAAwgYgCQgE48kTRIsmNoDRunwIus3aBHG97EdLN8QsSuRRkUlu+PrLx8nicd9FqrTIkdlrQ48NXIix4wNbnj0JUXf5mO2DsFQJCAaQguK6Sr091YE0TL70adsXcD0OfFYqfCRXEsfsFrHGt9vQzM9j8Tg7/p6gNo1vifV/wrztRDGPPgJTtXshzvUMz-----END CERTIFICATE-----",
"jwtcerts": {
"default": [
{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey",
"serialnumber": "-4658888773167051440",
"pemcert": "-----BEGIN CERTIFICATE-----MIICCTCCAWqgAwIBAgIJAL9YTVg7Uo1QMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjQwNjA3MTgxMjUzWhcNMjUwNjA3MTgxMjUzWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLpNXfFZVi5hRDoYkmxedB2gBFWAO1XEPATOBXdnrzxQL9uyJcBv93k7Q3ZKQ2v4EPy99G3AdeQ8INql2zzurpujQjBAMB0GA1UdDgQWBBQWtOtaxCSJEsLHa9azjHXM91OCezAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgDCA9L222vpJu1e6H2+pi6SfbBtF1lBLmJTGowPkt0KLBB3UbMyH7oYiaQR0obWy2mtPBKjWgCGrvsWEg4aHq6djQJCAXD+TSEuCdKFVEu9r2xX0PPRIkM3cq/d/nJWtvq4xxViBxYmS4B3N+NpL+RfYtA17icjIkpze7CXz9q+gRXD+GO0-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey",
"serialnumber": "3256801899139789702",
"pemcert": "-----BEGIN CERTIFICATE-----MIICCDCCAWmgAwIBAgIILTJ8Em4Lc4YwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODEzMTRaFw0yNTA2MDcxODEzMTRaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDsH9HdMCX9VzsbN03ysnEgdmZmIxRTeenlKNYPdRplBg/jKabha3ITZIPZaIXLMwxxZ7LPRxwx4cOIHAdc/8sKNCMEAwHQYDVR0OBBYEFI7UAJOrRp+TLxnZSjNjhAmT/3hXMB8GA1UdIwQYMBaAFI/FmMPcJeKtab8hpdVOMOXYeKh3MAoGCCqGSM49BAMEA4GMADCBiAJCAfUURlsGdhWpXUrljTIR+zlAhcTAVCg/V/6xoGVF5PoDHiBYx/cnVGVslh6T7uM/tMPxUsOMNKAtWGlZcuuJuUJeAkIBgd/+DUQxMwsPB5HXobZwMkZVxljnPOf0JGh3nK3ddn12Eydy6z8Fi5UjdBK3yrfChXpHl3NnmZ/wKPyXzszEM9Y=-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey",
"serialnumber": "5397196325783806979",
"pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWmgAwIBAgIISuaxdnVjJAMwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODEzMzVaFw0yNTA2MDcxODEzMzVaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIzMNhzFX2K470vatlH5idCmTpuZwzLySJpRBDlwFL+p3itUh4adSpqZuhAznii810/p/J95UCWcXkXxcjEWTWKNCMEAwHQYDVR0OBBYEFOslD1/laM/Dx/PDu2GYF6x/xxHcMB8GA1UdIwQYMBaAFI/FmMPcJeKtab8hpdVOMOXYeKh3MAoGCCqGSM49BAMEA4GLADCBhwJCAU5bass8HMUuO3PSL4d6QTEAlRWfqidYNq1Bsg1QpTTCio7FHvA62xUfixfX+MBOQVtiBmoe83c01MfaKhPQRY2FAkF2bFq27xv6NkHCBrZvdMizlQjCewJvj5f5r14mkwoNrknhmH06bGO/kskTNkx4boy+Swq4+9hOBMcBJ73Hj8TfOg==-----END CERTIFICATE-----"
}
]
},
"samlcerts": {
"default": [
{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey",
"serialnumber": "8152870988524290549",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIcSTQ9+KUAfUwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMTZaFw0yNTA2MDcxODIzMTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYbqmKbahlc5vSFBvBkrQ2iMb+pwh2pq/SmkdrnYnAnP9ZGaf0lfNRv0C8aOlj0NjktSOIwMgGSdcgwN9O7O24HRGymin6xp3GxwucAfbXPCuLgkGs3aTf63lW407XFCu307slvDnC4n5i5eLZFDhPlyGx7Kg92UOOUzp4HBgCFl5JMTQe63HqKoKLP3Ah1cGp8/T1+6q8drCa100FSGjrsAYIujZTXGIbeFNNi3cGIuqgVAsifGKZNm7IV6jlqA0gKm1Bh/ryTltZF5zuM6QbrJNPC+8nCyGSvVLZ0RcQ4C3ERIWLnuWN5WJteBXzbXvAhaihBQREWJmGVutqg0GkCAwEAAaNSMFAwHQYDVR0OBBYEFGAxYjswFNRICuHxAE2gqQXoFuPwMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGi23zsvpXuZP3H7xMwLSjPYq0r0WkKEwkdw9+XGtmKAU1Y7tXXKN2/l/el9yBWTR38lLzEtal/OTaK/6G81UKk2wJCARgMEOwJhZXMDsFBrZa2mMiar4CyBgVx3VFgNYggBFp07HqJjjQ3/pXLAZY2iOzQtxQvQTPDr4QRbmp9hfh94pQ1-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey",
"serialnumber": "5045826891452461148",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIRgZg0ucjMFwwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMzZaFw0yNTA2MDcxODIzMzZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKMDc68tM6YEyW7eKk7qGe04Cmjjn+E76jABojTV0WQMak2PeV6cLcESwqSNcjmq0CrxoK+EXjYj3vRDq/rDQbdrmmQ3WTh14p5+O4MUWbCMak30YGL2EWfiF642s/Qbyz1UD0UCeMP4kt1G1Xg2NieeUYslbVtS3EEJ7cj+2m3jsFvzu3aFikxpGcPLUyeVjwwx7pe4QrhvbbMC5UIjghva0eA61V7IHaDvuJrZ4D949ezRAsGA0kMbPiNblOfoPQTogdKxpIrUsndaDZHpALTP1rpaSt/6MfihPgAbR7JHmR+9z75YaUv7ZXSbu2yO/iZzlUoXphgK8ZOhB2Qfq8CAwEAAaNSMFAwHQYDVR0OBBYEFCrdNLd5w5l2GQGTAppl0yxt/uygMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGMV/fYhYpWfnkRaage+m2qmXZRPSSU5QgfpDrPTRDgxWbslxzr0Cvh/CeG0jD34nriVr2+vxPFfllFR6i9weSo9gJCAfYbg+/JZYOwgT9fnDJm8vXP8ODL6qXn6z5N102C7tL0AuMTAU3d9wnFpEbpWboeEg5zsk78kZ+O9GevTwHb406B-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey",
"serialnumber": "8532427843623313953",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC4jCCAkWgAwIBAgIIdmlF6sLR4iEwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzNTZaFw0yNTA2MDcxODIzNTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI3w4rS0PzNH8gKaROPz3doPi4JLEn6OHuLxCBMpEC/AxACINDPqaYQa/WnwyaW28WCedNy6v9JRUwH/ztoOGq4Y1WZ0lYRRdr2onbMhGrq9EQ3mwfMF5ZEA/hZn8Z6qwRn1KPgVqSSvhbdu4F3pmfO4tutmDtAfMF0K5a0cmuTq6oxd6eris1wu1J6f/5jOe/9JN0OuUZh7nf+ifia+xUzB/k2YUT453qtHGLyHxGI0h8xIZTqwwEgUkIp076hBR8z+5dsNG8VIOfea3ZjFLkl8/gLlpctQIoWqKvvvg9UyVvWgEXZAVmOspwRkr6EWWVGKATdMgUzrlRa8RXvNJqsCAwEAAaNSMFAwHQYDVR0OBBYEFDc3nMrMDS24L0zdgQtk/oqRFeDbMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBigAwgYYCQXLOvHeDlT3omFDROmqE+nZsCItjRlWq3eqB4NBxCxC9vdFDrrJlzBpGm7oIf/NYg1idB+Zx3kIzVjLvcZu3D13pAkELoDM0IzFv7rogumS0tSDSdVy7bUsP0xOYJ2mr/Pv4oxdQ/f3cdvRC7WaApzTNwyKXc+4MD060VrUGIM7R8bNNPw==-----END CERTIFICATE-----"
}
],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1, O=StrongKey",
"serialnumber": "8152870988524290549",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIcSTQ9+KUAfUwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMTZaFw0yNTA2MDcxODIzMTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYbqmKbahlc5vSFBvBkrQ2iMb+pwh2pq/SmkdrnYnAnP9ZGaf0lfNRv0C8aOlj0NjktSOIwMgGSdcgwN9O7O24HRGymin6xp3GxwucAfbXPCuLgkGs3aTf63lW407XFCu307slvDnC4n5i5eLZFDhPlyGx7Kg92UOOUzp4HBgCFl5JMTQe63HqKoKLP3Ah1cGp8/T1+6q8drCa100FSGjrsAYIujZTXGIbeFNNi3cGIuqgVAsifGKZNm7IV6jlqA0gKm1Bh/ryTltZF5zuM6QbrJNPC+8nCyGSvVLZ0RcQ4C3ERIWLnuWN5WJteBXzbXvAhaihBQREWJmGVutqg0GkCAwEAAaNSMFAwHQYDVR0OBBYEFGAxYjswFNRICuHxAE2gqQXoFuPwMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGi23zsvpXuZP3H7xMwLSjPYq0r0WkKEwkdw9+XGtmKAU1Y7tXXKN2/l/el9yBWTR38lLzEtal/OTaK/6G81UKk2wJCARgMEOwJhZXMDsFBrZa2mMiar4CyBgVx3VFgNYggBFp07HqJjjQ3/pXLAZY2iOzQtxQvQTPDr4QRbmp9hfh94pQ1-----END CERTIFICATE-----"
}
}
}
}
}
}'
Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.
REST Update Policy with PASSWORD
******************************************
Calling update @ https://example.strongkey.com:8181/skfs/rest/updatepolicy
Response : {"Response":"Successfully updated policy 1-1","responseCode":"FIDO-MSG-0067","skfsVersion":"4.13.0","skfsFQDN":"example.strongkey.com","TXID":"1-1-171-1717785817484"}
Update Policy complete.
******************************************
Done with Update Policy!