Product Documentation

    Enabling SAML in the SKFS

    • Switch to (or login as) the strongkey user

      shell> su - strongkey

    • Edit the skfs properties file

      shell> vi /usr/local/strongkey/skfs/etc/skfs-configuration.properties

    • Set skfs.cfg.property.saml.response to true.

      skfs.cfg.property.saml.response=true

    • Restart the GlassFish server

      shell> sudo service glassfishd restart

    • When sending an authenticate request, ensure that the payload object contains a "ssoRequest" object, also containing a key-value pair: "saml": "[valid base64 encoded SAML]"

      Ex: 
      {
          "svcinfo": {
            "did": 1,
            "protocol": "FIDO2_0",
            "authtype": "PASSWORD",
            "svcusername": "svcfidouser",
            "svcpassword": "Abcd1234!"
          },
          "payload": {
              "publicKeyCredential": {
                  "id": "TeRB80NPWJqP6aj8y6XENVzFYHK-7v8SJhIiTJ6Nq7d3mkHKvpd-7T1e4oxDqPr06rig2gV3I9MKe_7RN5vjG-13rdRPYFGVVZ_L_FPyQ_9Xm_SU6XWawVV3VcYMkidDqgelZS5eT6OLw6eZeROb4s14NT73eUZ8YdwkM1O_1WPsoM0BLDBkXSMce-DOvEH4PTNOIzX8nvdlMX_jndBcejC9GqirPVv7R-gU332qtbo",
                  "rawId": "TeRB80NPWJqP6aj8y6XENVzFYHK-7v8SJhIiTJ6Nq7d3mkHKvpd-7T1e4oxDqPr06rig2gV3I9MKe_7RN5vjG-13rdRPYFGVVZ_L_FPyQ_9Xm_SU6XWawVV3VcYMkidDqgelZS5eT6OLw6eZeROb4s14NT73eUZ8YdwkM1O_1WPsoM0BLDBkXSMce-DOvEH4PTNOIzX8nvdlMX_jndBcejC9GqirPVv7R-gU332qtbo",
                  "response": {
                      "authenticatorData": "WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMBAAAADw==",
                      "signature": "MEUCIQDfJFK9PgZ0VgpnnIsBxM8NEAzCQIkAqHdcI_-z3PLuswIgeQU0rscT2xRNyVfp9KSmaMrYzNjtBzj4_mNXeCVYzAU=",
                      "userHandle": "",
                      "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiMEtPWkc5RG9sNlNyUktxQTYwdTBCUSIsIm9yaWdpbiI6Imh0dHBzOi8vdGVzdC5zdHJvbmdrZXkuY29tOjgxODEifQ=="
                  },
                  "type": "public-key"
              },
              "strongkeyMetadata": {
                  "version": "1.0",
                  "last_used_location": "Sunnyvale,CA",
                  "username": "johndoe",
                  "origin": "https://test.strongkey.com:8181"
              },
              "ssoRequest": {
                  "saml": "PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vYWRjLnN0cm9uZ2tleS5jb20vY2dpL3NhbWxhdXRoIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9za2ZzLnN0cm9uZ2tleS5jb206ODE4MS9za3NvL3NhbWwiIEZvcmNlQXV0aG49ImZhbHNlIiBJRD0iXzk1ZTQ0ZjM3M2RhMmNjMjc1OTdhYTJjN2RlNzVkYzUwIiBJc3N1ZUluc3RhbnQ9IjIwMjItMDktMjJUMjI6MDQ6MTlaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPnN0cm9uZ2tleS5jb208L3NhbWw6SXNzdWVyPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg=="
              }
          }
      }