Product Documentation
SEARCH
Home
StrongKey FIDO Server
Release Notes
SKFS 4.14.0
SKFS 4.13.0
SKFS 4.12.0
SKFS 4.11.0
SKFS 4.10.0
SKFS 4.9.0
SKFS 4.8.0
SKFS 4.7.0
Security Assertion Markup Language (SAML)
Back
SKFS 4.6.0
SKFS 4.5.0
SKFS 4.4.3
SKFS 4.4.2
SKFS 4.4.1
Cross-domain Authentication
Back
SKFS 4.4
StrongKey Android Client Library (SACL) Preview Release 1
JSON Web Tokens (JWTs)
Back
SKFS 4.3.x
Back
Introduction
Background
What Makes FIDO Different?
The Power of FIDO
Useful Links
Back
Installation
SKFS Installation Checklist
Standalone Installation
Clustered Installation
Dockerized Installation
Install HAProxy Load Balancer
Upgrading SKFS
Upgrading to SKFS 4.14.0
Upgrading to SKFS 4.13.2
Upgrading to SKFS 4.12.0
Upgrading to SKFS 4.11.0
Upgrading to SKFS 4.10.0
Upgrading to SKFS 4.9.0
Upgrading to SKFS 4.8.0
Upgrading to SKFS 4.7.0
Upgrading to SKFS 4.6.0
Upgrading to SKFS 4.5.0
Back
Simulating Node Failures
Removal
Back
Administration
Operations
Deployment Considerations
Two Nodes, Single/Multiple Data Center
Two Nodes, Single/Multiple Data Centers with a Load Balancer
Four Nodes, Multiple Data Centers
Four Nodes, Multiple Data Centers, One Load Balancer
Four Nodes, Multiple Data Centers with One Load Balancer per Data Center
Back
Tasks
Adding Access/Secret Keys
Creating a New Access Key and Secret Key
Adding Access/Secret Keys in Standalone SKFS
Adding Access/Secret Keys in an SKFS Cluster
Back
changeUserName (REST)
Request
Response
Back
Configuring Network Time Protocol (NTP)
Monitoring SKFS
Back
Service Credentials
Manage Credentials
Back
Security
Operating System
System Credentials
Credential Matrix
Protecting against root
Protecting the strongkey Application Credential
Other Controls
Back
Back
Policy
SKFS Policy Module (PM)
JSON Schema
Minimal (Any Hardware Authenticator)
Moderate (Specific Authenticators)
Strict (All Biometric Devices)
Strict (Android SafetyNet)
Restricted (TPM)
Restricted (Android)
Restricted (Apple PassKey)
Restricted (FIPS)
MetaDataService (MDS)
FIDO Policy Options
requireCounter
integritySignatures
userVerification
userPresenceTimeout
allowAaguids
algorithms
curves (EC)
rsa
signatures (EC)
Back
attestation
conveyance
formats
Back
registration
displayName
attachment
discoverableCredential (residentKey)
excludeCredentials
Back
authentication
allowCredentials
Back
authorization
maxDataLength
preserve
Back
rp
Metadata Service (MDS)
JSON Web Tokens (JWTs)
signcerts
Back
Back
Back
Configuration
Immutable Configuration
Mutable Configuration
Global Configuration
Back
CLI Tool
FIDO Operations (skfsclient)
Registration (R)
Authentication (A)
Authorization (AZ)
Get FIDO Credential (G)
Update FIDO Credential (U)
Delete/De-register (D)
Back
Admin Operations (skfsadminclient)
Ping SKFS (P)
Get Policy (GP)
Create Policy (CP)
Update Policy (UP)
Delete Policy (DP)
Get Configuration (GC)
Update Configuration (UC)
Delete Configuration (DC)
Update Username (UU)
Get User Keys (GUK)
Back
Back
SSO
SAML
Enabling SAML
Back
Back
Back
How To ...
Add an Additional Server to the SKFS Cluster
Step # 1 on existing Server
Step # 2 on the New Server
Back
Create and add new alias
Debug Replication Issues
Manage FIDO Metadata Service (MDS)
How does the Strongkey server handle FIDO Alliance Metadata Service (MDS)
Manage MDS configurations
Add private MDS Files
Back
Manage Keystores or Certificates
Using an Existing Java Keystore (JKS)
Subject Alternative Name (SAN)
Importing the Certificate (JKS)
Back
Using a New PKCS12 Keystore (P12)
Importing the Certificate (P12)
Replacing the existing keystore
Back
Find current self-signed certificate used by SKFS
Import certificate into client application trust-store
Back
Manage SKFS Policy
Get Policy
Update Policy
Create Policy
Delete Policy
Back
Manage SKFS Configuration
Change challenge Timeout
Enable fakeKeyHandles
Enable and Disable SAML
Enable and Disable JWT
Enable and Disable Related Origin Requests
Enable and disable retainAuthenticateChallenge
Back
Perform SKFS Operations
Create a domain on Standalone SKFS
Backup - OpenLDAP, Keystores and Database
Restore - OpenLDAP, Keystores and Database
Back
Create a domain on Clustered Deployment
Perform database operations
Restart Database
Login to the database
Take database backup
View database logs
Back
Perform payara operations
Restart Payara
View Payara Logs
Deploy FIDO server
Back
Regenerate Signing Keys
Back
Replace a Server in the SKFS Cluster
Step #1 on the New Node
Step #2 on the Old Node
Step #3 on the New Node
Step #4 on the Old Node
Back
Back
Troubleshooting
Standalone Node Troubleshooting Guide
Clustered Node Troubleshooting Guide
Error Codes and Their Meanings
Solutions for Known Issues
Certificate not found in truststore while Authentication in Discover
CORS Missing Allow Origin or ERR_CERT_AUTHORITY_INVALID
Json could not be parsed : Invalid 'request type'
Json could not be parsed : Policy requires counter
JWT CIP 192.168.x.xx does not match: [localhost]]]
mysql binary does not exist or cannot be executed
Remote server does not listen for requests on [localhost:4848]
RPID Hash invalid - Does not match policy
This security key doesn't look familiar. Please try a different one.
Back
Back
Developer
Sample Applications
StrongKey Sample FIDO Android App Preview Release
Basic Java Sample Application
E-commerce Applications
Sample FIDO eCommerce Application
FIDO-enabled eCommerce Application (Backend)
FIDO-enabled Key Management Application
Back
SKFS Demo for iOS
Project Setup
Running the Application
Project Code
Registering a New User
Authenticating a User
Back
SKFS with Native apps for iOS 15 and less
Back
Policy Module Demo
Installation Instructions on a Server with a FIDO2 Server on a SEPARATE Server
Installation Instructions for FIDO Policy Application
Registering a User
Logging Out
Logging In
My Profile
Building FIDO Policy Demo from source
Back
StrongKey Discover
Project Setup
Installation alongside SKFS
Installation on Separate VM
Screenshots
Project Code
Registering a New User
Authenticating a User
Back
Configuration
Back
Back
SKFS API
REST API
preregister
Request
Response
Back
register
Request
Response
Example 2
Example 3
Example 4
Example 5
Example 6
Back
Back
preauthenticate
Request
Response
Back
authenticate
Request
Response
Example 1
Example 2
Example 3
Example 4
Example 5
Example 6
Example 7
Example 8
jwt Description
Back
Back
preauthorize
Request
Response
Back
authorize
Request
Response
Back
getkeysinfo
Request
Response
Back
updatekeyinfo
Request
Response
Back
deregister
Request
Response
Back
FIDO Admin APIs
addpolicy
Request
Response
Back
getpolicy
Request
Response
Back
updatepolicy
Request
Response
Back
deletepolicy
Request
Response
Back
getconfiguration
Request
Response
Back
deleteconfiguration
Request
Response
Back
updateconfiguration
Request
Response
Back
ping
Request
Response
Back
updateusername
Request
Response
Back
getuserkeys
Request
Response
Back
Back
Back
SOAP API
preregister
Request
Response
Back
register
Request
Response
Back
preauthenticate
Request
Response
Back
authenticate
Request
Response
Back
preauthorize
Request
Response
Back
authorize
Request
Response
Back
getkeysinfo
Request
Response
Back
updatekeyinfo
Request
Response
Back
deregister
Request
Response
Back
Back
API Security
Password-based Authentication
HMAC-based Authentication [Deprecated]
Back
FIDO2-enabling a Web Application
Initial Registration
Authentication
Back
Back
Build SKFS from source
Add Maven Dependencies
Back
Tutorial
Node.js
Requirements
Install Components
Installing and Deploying PREFIDO
FIDO-enabling PREFIDO
Back
Back
Discoverable Credentials
Registration
Authentication
Back
Back
Demos
TLS ClientAuth + FIDO
Security Keys
Browsers
Linux
MacOS
Windows
Back
TLS ClientAuth + FIDO Enabled Web Applications
Back
Back
MFA Implementations
Manufacturer
GoTrust
PAM-Console
Configure Idem Key
Configuring the Linux Authentication System
Rocky/RHEL 9.2 or Before
Rocky/RHEL 9.3 or After
Back
Requiring a Security Key to authenticate Administrators
Testing MFA with Security Keys
Back
OpenSSH
Linux OpenSSH
Windows OpenSSH
Windows OpenSSH with PuTTY
Mac OpenSSH
Back
TLS ClientAuth
OpenVPN
Linux OpenVPN
WIndows OpenVPN
Back
FIDO Registration
Back
TrustKey Solutions
PAM-Console
Configure Trustkey
Configuring the Linux Authentication System
Rocky/RHEL 9.2 or Before
Rocky/RHEL 9.3 or After
Back
Requiring a Security Key to authenticate Administrators
Testing MFA with Security Keys
Back
OpenSSH
Linux OpenSSH
Windows OpenSSH
Windows OpenSSH with PuTTY
Mac OpenSSH
Back
FIDO Registration
Back
Yubico
PAM-Console
Configure YubiKey
Configuring the Linux Authentication System
Rocky/RHEL 9.2 or Before
Rocky/RHEL 9.3 or After
Back
Requiring a Security Key to authenticate Administrators
Testing MFA with Security Keys
Back
OpenSSH
Linux OpenSSH
Windows OpenSSH
Windows OpenSSH with PuTTY
Mac OpenSSH
Back
TLS ClientAuth
OpenVPN
Linux OpenVPN
WIndows OpenVPN
Back
FIDO Registration
Back
Back
Tested MFA Configurations
October 2023
September 2023
Back
Back