Product Documentation

Enabling SAML in the SKFS

  • Switch to (or login as) the strongkey user

    shell> su - strongkey
  • Edit the skfs properties file

    shell> vi /usr/local/strongkey/skfs/etc/skfs-configuration.properties
  • Set skfs.cfg.property.saml.response to true.

    skfs.cfg.property.saml.response=true
  • Restart the GlassFish server

    shell> sudo systemctl restart payara
  • When sending an authenticate request, ensure that the payload object contains a "ssoRequest" object, also containing a key-value pair: "saml": "[valid base64 encoded SAML]"

    Ex:
    {
    "svcinfo": {
    "did": 1,
    "protocol": "FIDO2_0",
    "authtype": "PASSWORD",
    "svcusername": "svcfidouser",
    "svcpassword": "Abcd1234!"
    },
    "payload": {
        "publicKeyCredential": {
            "id": "TeRB80NPWJqP6aj8y6XENVzFYHK-7v8SJhIiTJ6Nq7d3mkHKvpd-7T1e4oxDqPr06rig2gV3I9MKe_7RN5vjG-13rdRPYFGVVZ_L_FPyQ_9Xm_SU6XWawVV3VcYMkidDqgelZS5eT6OLw6eZeROb4s14NT73eUZ8YdwkM1O_1WPsoM0BLDBkXSMce-DOvEH4PTNOIzX8nvdlMX_jndBcejC9GqirPVv7R-gU332qtbo",
            "rawId": "TeRB80NPWJqP6aj8y6XENVzFYHK-7v8SJhIiTJ6Nq7d3mkHKvpd-7T1e4oxDqPr06rig2gV3I9MKe_7RN5vjG-13rdRPYFGVVZ_L_FPyQ_9Xm_SU6XWawVV3VcYMkidDqgelZS5eT6OLw6eZeROb4s14NT73eUZ8YdwkM1O_1WPsoM0BLDBkXSMce-DOvEH4PTNOIzX8nvdlMX_jndBcejC9GqirPVv7R-gU332qtbo",
            "response": {
                "authenticatorData": "WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMBAAAADw==",
                "signature": "MEUCIQDfJFK9PgZ0VgpnnIsBxM8NEAzCQIkAqHdcI_-z3PLuswIgeQU0rscT2xRNyVfp9KSmaMrYzNjtBzj4_mNXeCVYzAU=",
                "userHandle": "",
                "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiMEtPWkc5RG9sNlNyUktxQTYwdTBCUSIsIm9yaWdpbiI6Imh0dHBzOi8vdGVzdC5zdHJvbmdrZXkuY29tOjgxODEifQ=="
            },
            "type": "public-key"
        },
        "strongkeyMetadata": {
            "version": "1.0",
            "last_used_location": "Sunnyvale,CA",
            "username": "johndoe",
            "origin": "https://test.strongkey.com:8181"
        },
    "ssoRequest": {
         "saml": "PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vYWRjLnN0cm9uZ2tleS5jb20vY2dpL3NhbWxhdXRoIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9za2ZzLnN0cm9uZ2tleS5jb206ODE4MS9za3NvL3NhbWwiIEZvcmNlQXV0aG49ImZhbHNlIiBJRD0iXzk1ZTQ0ZjM3M2RhMmNjMjc1OTdhYTJjN2RlNzVkYzUwIiBJc3N1ZUluc3RhbnQ9IjIwMjItMDktMjJUMjI6MDQ6MTlaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPnN0cm9uZ2tleS5jb208L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg=="
    }

    }
    }