Product Documentation

Update an existing policy. Policies are specified by their sid and pid.

Syntax

java -jar skfsadminclient.jar UP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <sid> <pid> <notes> <policy>

Values

Value

Explanation

hostport

Host and port to access the FIDO server
SOAP & REST format : http://<FQDN>:<non-ssl-portnumber> or https://<FQDN>:<ssl-portnumber>
example : https://fidodemo.strongauth.com:8181

did

Unique domain identifier that belongs to SKCE

wsprotocol

Web service protocol; REST | SOAP

authtype

Authentication type; PASSWORD

svcusername

Username used for PASSWORD-based authorization

svcpassword

Password used for PASSWORD-based authorization

sid

Integer value specifying the server ID

pid

Integer value specifying the policy ID

notes

Optional notes to store with the policy or configuration.

policy

A JSON object defining the SKFS FIDO policy. Please Note: The policy JSON is minified to easily pass in as argument in terminal.

Output

$ example:~/skfsclient> java -jar skfsadminclient.jar UP https://example.strongkey.com:8181 1 REST PASSWORD fidoadminuser Abcd1234! 1 1 "updated policy" '{
    "FidoPolicy": {
        "name": "UpdatedMinimalPolicy",
        "copyright": "",
        "version": "1.0",
        "startDate": "1717785111",
        "endDate": "1760103870871",
        "system": {
            "did": 1,
            "requireCounter": "optional",
            "integritySignatures": false,
            "userVerification": [
                "required",
                "preferred",
                "discouraged"
            ],
            "userPresenceTimeout": 0,
            "allowedAaguids": [
                "all"
            ],
            "transport": [
                "usb",
                "internal"
            ]
        },
        "crossOrigin": {
            "enabled": false,
            "allowedOrigins": [
            ]
        },
        "algorithms": {
            "curves": [
                "secp256r1",
                "secp384r1",
                "secp521r1",
                "curve25519"
            ],
            "rsa": [
                "RS256",
                "RS384",
                "RS512",
                "PS256",
                "PS384",
                "PS384"
            ],
            "signatures": [
                "ES256",
                "ES384",
                "ES512",
                "EdDSA",
                "ES256K"
            ]
        },
        "attestation": {
            "conveyance": [
                "none",
                "indirect",
                "direct",
                "enterprise"
            ],
            "formats": [
                "fido-u2f",
                "packed",
                "tpm",
                "android-key",
                "android-safetynet",
                "apple",
                "none"
            ]
        },
        "registration": {
            "displayName": "required",
            "attachment": [
                "platform",
                "cross-platform"
            ],
            "discoverableCredential": [
                "required",
                "preferred",
                "discouraged"
            ],
            "excludeCredentials": "enabled"
        },
        "authentication": {
            "allowCredentials": "enabled"
        },
        "authorization": {
            "maxdataLength": 256,
            "preserve": true
        },
        "rp": {
            "id": "strongkey.com",
            "name": "FIDOServer"
        },
        "extensions": {
        },
        "mds": {
            "authenticatorStatusReport": [
                {
                    "status": "FIDO_CERTIFIED_L1",
                    "priority": "1",
                    "decision": "IGNORE"
                },
                {
                    "status": "FIDO_CERTIFIED_L2",
                    "priority": "1",
                    "decision": "ACCEPT"
                },
                {
                    "status": "UPDATE_AVAILABLE",
                    "priority": "5",
                    "decision": "IGNORE"
                },
                {
                    "status": "REVOKED",
                    "priority": "10",
                    "decision": "DENY"
                }
            ]
        },
        "jwt": {
            "algorithms": [
                "ES256",
                "ES384",
                "ES521"
            ],
            "duration": 30,
            "required": [
                "rpid",
                "iat",
                "exp",
                "cip",
                "uname",
                "agent"
            ]
        },
        "signcerts": {
            "rootca": {
                "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey",
                "serialnumber": "-177581522072826007",
                "pemcert": "-----BEGIN CERTIFICATE-----MIICVzCCAbigAwIBAgIJAP2JGovqLQ9pMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjQwNjA3MTgxMjM4WhcNMjUwNjA3MTgxMjM4WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAxovTmZj4rImLF97K87bHTRkD3xuVI9RZ8YTY29990vXci06oBH3rh+aPUDbMiu7IGYBISS9AIFyXGkHQH7mHIjcAfvSbKYcrZ0H0PdTtYH6b0CmSHgE2pSkUuzNv+e41jyHgYh8jPd5tftZ3Snf/Zg76VHJzYK9xVptJxzrG1R688AqjQjBAMB0GA1UdDgQWBBSPxZjD3CXirWm/IaXVTjDl2HiodzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBjAAwgYgCQgE48kTRIsmNoDRunwIus3aBHG97EdLN8QsSuRRkUlu+PrLx8nicd9FqrTIkdlrQ48NXIix4wNbnj0JUXf5mO2DsFQJCAaQguK6Sr091YE0TL70adsXcD0OfFYqfCRXEsfsFrHGt9vQzM9j8Tg7/p6gNo1vifV/wrztRDGPPgJTtXshzvUMz-----END CERTIFICATE-----",
                "jwtcerts": {
                    "default": [
                        {
                            "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey",
                            "serialnumber": "-4658888773167051440",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIICCTCCAWqgAwIBAgIJAL9YTVg7Uo1QMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjQwNjA3MTgxMjUzWhcNMjUwNjA3MTgxMjUzWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLpNXfFZVi5hRDoYkmxedB2gBFWAO1XEPATOBXdnrzxQL9uyJcBv93k7Q3ZKQ2v4EPy99G3AdeQ8INql2zzurpujQjBAMB0GA1UdDgQWBBQWtOtaxCSJEsLHa9azjHXM91OCezAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgDCA9L222vpJu1e6H2+pi6SfbBtF1lBLmJTGowPkt0KLBB3UbMyH7oYiaQR0obWy2mtPBKjWgCGrvsWEg4aHq6djQJCAXD+TSEuCdKFVEu9r2xX0PPRIkM3cq/d/nJWtvq4xxViBxYmS4B3N+NpL+RfYtA17icjIkpze7CXz9q+gRXD+GO0-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey",
                            "serialnumber": "3256801899139789702",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIICCDCCAWmgAwIBAgIILTJ8Em4Lc4YwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODEzMTRaFw0yNTA2MDcxODEzMTRaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDsH9HdMCX9VzsbN03ysnEgdmZmIxRTeenlKNYPdRplBg/jKabha3ITZIPZaIXLMwxxZ7LPRxwx4cOIHAdc/8sKNCMEAwHQYDVR0OBBYEFI7UAJOrRp+TLxnZSjNjhAmT/3hXMB8GA1UdIwQYMBaAFI/FmMPcJeKtab8hpdVOMOXYeKh3MAoGCCqGSM49BAMEA4GMADCBiAJCAfUURlsGdhWpXUrljTIR+zlAhcTAVCg/V/6xoGVF5PoDHiBYx/cnVGVslh6T7uM/tMPxUsOMNKAtWGlZcuuJuUJeAkIBgd/+DUQxMwsPB5HXobZwMkZVxljnPOf0JGh3nK3ddn12Eydy6z8Fi5UjdBK3yrfChXpHl3NnmZ/wKPyXzszEM9Y=-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey",
                            "serialnumber": "5397196325783806979",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWmgAwIBAgIISuaxdnVjJAMwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODEzMzVaFw0yNTA2MDcxODEzMzVaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIzMNhzFX2K470vatlH5idCmTpuZwzLySJpRBDlwFL+p3itUh4adSpqZuhAznii810/p/J95UCWcXkXxcjEWTWKNCMEAwHQYDVR0OBBYEFOslD1/laM/Dx/PDu2GYF6x/xxHcMB8GA1UdIwQYMBaAFI/FmMPcJeKtab8hpdVOMOXYeKh3MAoGCCqGSM49BAMEA4GLADCBhwJCAU5bass8HMUuO3PSL4d6QTEAlRWfqidYNq1Bsg1QpTTCio7FHvA62xUfixfX+MBOQVtiBmoe83c01MfaKhPQRY2FAkF2bFq27xv6NkHCBrZvdMizlQjCewJvj5f5r14mkwoNrknhmH06bGO/kskTNkx4boy+Swq4+9hOBMcBJ73Hj8TfOg==-----END CERTIFICATE-----"
                        }
                    ]
                },
                "samlcerts": {
                    "default": [
                        {
                            "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey",
                            "serialnumber": "8152870988524290549",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIcSTQ9+KUAfUwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMTZaFw0yNTA2MDcxODIzMTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYbqmKbahlc5vSFBvBkrQ2iMb+pwh2pq/SmkdrnYnAnP9ZGaf0lfNRv0C8aOlj0NjktSOIwMgGSdcgwN9O7O24HRGymin6xp3GxwucAfbXPCuLgkGs3aTf63lW407XFCu307slvDnC4n5i5eLZFDhPlyGx7Kg92UOOUzp4HBgCFl5JMTQe63HqKoKLP3Ah1cGp8/T1+6q8drCa100FSGjrsAYIujZTXGIbeFNNi3cGIuqgVAsifGKZNm7IV6jlqA0gKm1Bh/ryTltZF5zuM6QbrJNPC+8nCyGSvVLZ0RcQ4C3ERIWLnuWN5WJteBXzbXvAhaihBQREWJmGVutqg0GkCAwEAAaNSMFAwHQYDVR0OBBYEFGAxYjswFNRICuHxAE2gqQXoFuPwMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGi23zsvpXuZP3H7xMwLSjPYq0r0WkKEwkdw9+XGtmKAU1Y7tXXKN2/l/el9yBWTR38lLzEtal/OTaK/6G81UKk2wJCARgMEOwJhZXMDsFBrZa2mMiar4CyBgVx3VFgNYggBFp07HqJjjQ3/pXLAZY2iOzQtxQvQTPDr4QRbmp9hfh94pQ1-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey",
                            "serialnumber": "5045826891452461148",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIRgZg0ucjMFwwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMzZaFw0yNTA2MDcxODIzMzZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKMDc68tM6YEyW7eKk7qGe04Cmjjn+E76jABojTV0WQMak2PeV6cLcESwqSNcjmq0CrxoK+EXjYj3vRDq/rDQbdrmmQ3WTh14p5+O4MUWbCMak30YGL2EWfiF642s/Qbyz1UD0UCeMP4kt1G1Xg2NieeUYslbVtS3EEJ7cj+2m3jsFvzu3aFikxpGcPLUyeVjwwx7pe4QrhvbbMC5UIjghva0eA61V7IHaDvuJrZ4D949ezRAsGA0kMbPiNblOfoPQTogdKxpIrUsndaDZHpALTP1rpaSt/6MfihPgAbR7JHmR+9z75YaUv7ZXSbu2yO/iZzlUoXphgK8ZOhB2Qfq8CAwEAAaNSMFAwHQYDVR0OBBYEFCrdNLd5w5l2GQGTAppl0yxt/uygMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGMV/fYhYpWfnkRaage+m2qmXZRPSSU5QgfpDrPTRDgxWbslxzr0Cvh/CeG0jD34nriVr2+vxPFfllFR6i9weSo9gJCAfYbg+/JZYOwgT9fnDJm8vXP8ODL6qXn6z5N102C7tL0AuMTAU3d9wnFpEbpWboeEg5zsk78kZ+O9GevTwHb406B-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey",
                            "serialnumber": "8532427843623313953",
                            "pemcert": "-----BEGIN CERTIFICATE-----MIIC4jCCAkWgAwIBAgIIdmlF6sLR4iEwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzNTZaFw0yNTA2MDcxODIzNTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI3w4rS0PzNH8gKaROPz3doPi4JLEn6OHuLxCBMpEC/AxACINDPqaYQa/WnwyaW28WCedNy6v9JRUwH/ztoOGq4Y1WZ0lYRRdr2onbMhGrq9EQ3mwfMF5ZEA/hZn8Z6qwRn1KPgVqSSvhbdu4F3pmfO4tutmDtAfMF0K5a0cmuTq6oxd6eris1wu1J6f/5jOe/9JN0OuUZh7nf+ifia+xUzB/k2YUT453qtHGLyHxGI0h8xIZTqwwEgUkIp076hBR8z+5dsNG8VIOfea3ZjFLkl8/gLlpctQIoWqKvvvg9UyVvWgEXZAVmOspwRkr6EWWVGKATdMgUzrlRa8RXvNJqsCAwEAAaNSMFAwHQYDVR0OBBYEFDc3nMrMDS24L0zdgQtk/oqRFeDbMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBigAwgYYCQXLOvHeDlT3omFDROmqE+nZsCItjRlWq3eqB4NBxCxC9vdFDrrJlzBpGm7oIf/NYg1idB+Zx3kIzVjLvcZu3D13pAkELoDM0IzFv7rogumS0tSDSdVy7bUsP0xOYJ2mr/Pv4oxdQ/f3cdvRC7WaApzTNwyKXc+4MD060VrUGIM7R8bNNPw==-----END CERTIFICATE-----"
                        }
                    ],
                    "citrixidp": {
                        "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1, O=StrongKey",
                        "serialnumber": "8152870988524290549",
                        "pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIcSTQ9+KUAfUwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMTZaFw0yNTA2MDcxODIzMTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYbqmKbahlc5vSFBvBkrQ2iMb+pwh2pq/SmkdrnYnAnP9ZGaf0lfNRv0C8aOlj0NjktSOIwMgGSdcgwN9O7O24HRGymin6xp3GxwucAfbXPCuLgkGs3aTf63lW407XFCu307slvDnC4n5i5eLZFDhPlyGx7Kg92UOOUzp4HBgCFl5JMTQe63HqKoKLP3Ah1cGp8/T1+6q8drCa100FSGjrsAYIujZTXGIbeFNNi3cGIuqgVAsifGKZNm7IV6jlqA0gKm1Bh/ryTltZF5zuM6QbrJNPC+8nCyGSvVLZ0RcQ4C3ERIWLnuWN5WJteBXzbXvAhaihBQREWJmGVutqg0GkCAwEAAaNSMFAwHQYDVR0OBBYEFGAxYjswFNRICuHxAE2gqQXoFuPwMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGi23zsvpXuZP3H7xMwLSjPYq0r0WkKEwkdw9+XGtmKAU1Y7tXXKN2/l/el9yBWTR38lLzEtal/OTaK/6G81UKk2wJCARgMEOwJhZXMDsFBrZa2mMiar4CyBgVx3VFgNYggBFp07HqJjjQ3/pXLAZY2iOzQtxQvQTPDr4QRbmp9hfh94pQ1-----END CERTIFICATE-----"
                    }
                }
            }
        }
    }
}'

Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.

REST Update Policy with PASSWORD
******************************************

Calling update @ https://example.strongkey.com:8181/skfs/rest/updatepolicy
 Response : {"Response":"Successfully updated policy 1-1","responseCode":"FIDO-MSG-0067","skfsVersion":"4.14.0","skfsFQDN":"example.strongkey.com","TXID":"1-1-165-1731005179263"}

Update Policy complete.
******************************************

Done with Update Policy!