Product Documentation

All the web services available in the SKFS APIs accept a username/password authentication scheme. These service credentials are stored on an LDAP server, against which SKFS validates the username and password passed in the request body. Because the credentials travel in the body of every request, the API must only be reached over TLS. By default, the FIDO Server is configured to use a local OpenLDAP server set up during install. It is possible to configure SKFS to use an external LDAP/AD by changing the following configurations:

$STRONGKEY_HOME/appliance/etc/appliance-configuration.properties:
	appl.cfg.property.service.ce.ldap.ldaptype=

$STRONGKEY_HOME/skce/etc/skce-configuration.properties:
	ldape.cfg.property.service.ce.ldap.ldapurl=
	ldape.cfg.property.service.ce.ldap.ldaptype=
	ldape.cfg.property.service.ce.ldap.ldapbinddn=
	ldape.cfg.property.service.ce.ldap.ldapbinddn.password=
	ldape.cfg.property.service.ce.ldap.ldapdnprefix=
	ldape.cfg.property.service.ce.ldap.ldapdnsuffix=
	ldape.cfg.property.service.ce.ldap.basedn=
	ldape.cfg.property.service.ce.ldap.ldapgroupsuffix=
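As an added example (not StrongKey's code and not taken from this page), the following Python checker reads the ldape.cfg.property.service.ce.ldap.* settings from an skce-configuration.properties file, flags values that would send the bind password and user passwords over the network in the clear or bind without credentials, and shows how a user DN is composed from ldapdnprefix and ldapdnsuffix. Assumptions: the file uses Java .properties syntax; the DN is built as prefix + username + suffix (a guess from the property names, so verify against your deployment); the sample file content is constructed; and the list of checks is the editor's, not an SKFS-documented requirement.

```python
"""Added example (not StrongKey's code): sanity-check the external LDAP/AD
settings in an SKFS-style skce-configuration.properties before deploying.

Assumptions (not from the page): Java .properties syntax, user DN built as
ldapdnprefix + username + ldapdnsuffix, and a constructed sample file.
"""
import re

PREFIX = "ldape.cfg.property.service.ce.ldap."
KEYS = ("ldapurl", "ldaptype", "ldapbinddn", "ldapbinddn.password",
        "ldapdnprefix", "ldapdnsuffix", "basedn", "ldapgroupsuffix")

# Constructed sample pointing SKFS at an external AD; the weak values here
# (plain ldap://, empty bind password) are deliberate so the checker finds them.
SAMPLE = """\
# constructed sample, not a real deployment
ldape.cfg.property.service.ce.ldap.ldapurl=ldap://ad.example.internal:389
ldape.cfg.property.service.ce.ldap.ldaptype=AD
ldape.cfg.property.service.ce.ldap.ldapbinddn=cn=svcbind,ou=service,dc=example,dc=internal
ldape.cfg.property.service.ce.ldap.ldapbinddn.password=
ldape.cfg.property.service.ce.ldap.ldapdnprefix=cn=
ldape.cfg.property.service.ce.ldap.ldapdnsuffix=,ou=fidousers,dc=example,dc=internal
ldape.cfg.property.service.ce.ldap.basedn=dc=example,dc=internal
ldape.cfg.property.service.ce.ldap.ldapgroupsuffix=,ou=groups,dc=example,dc=internal
"""


def parse_properties(text: str) -> dict:
    """Minimal Java .properties reader: key=value or key:value, '#'/'!'
    comment lines, trailing-backslash line continuations."""
    props = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def ldap_settings(props: dict) -> dict:
    """Pull the eight ldape.cfg.property.service.ce.ldap.* values, '' if unset."""
    return {k: props.get(PREFIX + k, "") for k in KEYS}


_DN_SPECIAL = ',+"\\<>;='


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for a value placed inside a DN, so a username such as
    'x,ou=admins' cannot splice an extra RDN into the bind DN."""
    out = "".join("\\" + c if c in _DN_SPECIAL else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def user_dn(settings: dict, username: str) -> str:
    """Assumed DN layout: ldapdnprefix + username + ldapdnsuffix."""
    return settings["ldapdnprefix"] + escape_dn_value(username) + settings["ldapdnsuffix"]


def check_ldap_settings(settings: dict) -> list:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = []
    url = settings["ldapurl"]
    if not url:
        findings.append("ldapurl is empty")
    elif not url.lower().startswith("ldaps://"):
        findings.append(f"ldapurl {url!r} is not ldaps://: the bind password and "
                        "every service user's password would cross the network in cleartext")
    if not settings["ldapbinddn"]:
        findings.append("ldapbinddn is empty")
    if not settings["ldapbinddn.password"]:
        findings.append("ldapbinddn.password is empty (anonymous or unauthenticated bind)")
    if not settings["basedn"]:
        findings.append("basedn is empty")
    if not settings["ldapdnsuffix"]:
        findings.append("ldapdnsuffix is empty: user DNs would be prefix + bare username only")
    return findings


if __name__ == "__main__":
    s = ldap_settings(parse_properties(SAMPLE))
    print("user DN for johndoe:", user_dn(s, "johndoe"))
    for f in check_ldap_settings(s):
        print("FINDING:", f)
```

Run it against a copy of the real file (`parse_properties(open(path).read())`) rather than the constructed sample; the two findings it prints for the sample are exactly the settings to fix before pointing a production FIDO server at a directory: use an ldaps:// URL so the server's TLS is verified, and give the bind account a real password.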

Here is an example of the LDAP service credentials (svcusername and svcpassword, carried in the svcinfo block) in the request body:

{
  "svcinfo": {
    "did": 1,
    "protocol": "FIDO2_0",
    "authtype": "PASSWORD",
    "svcusername": "svcfidouser",
    "svcpassword": "Abcd1234!"
  },
  "payload": {
    "username": "johndoe",
    "displayname": "Initial Registration",
    "options": {
      "attestation": "direct"
    },
    "extensions": "{}"
  }
}

The .ldif files used to set up a default SKFS can be found in the source under the 'fidoserverInstall' directory:

  • skce-base.ldif
  • skce.ldif