Product Documentation

The following request body is sent during the silentauthenticate call:

  • URL: https://<FQDN>:<PORT>/skfs/rest/silentauthenticate

  • HTTP Method: POST

  • FIDO2_0 request body:
    {
        "svcinfo": {
            "did": 1,
            "protocol": "FIDO2_0",
            "authtype": "PASSWORD",
            "svcusername": "svcfidouser",
            "svcpassword": "Abcd1234!"
        },
        "payload": {
            "jwt": "eyJhbGciOiJFUzI1NiIuRXh0.....xtJJjCJmjuzg9d9gSnbQ",
            "ssorequest": [
                {
                    "saml": "PHNhbWxwOkF1dGhuUmVxdWVzd...FtbHA6QXV0aG5SZXF1ZXN0Pg==",
                    "applicationName": "jmeter",
                    "TLSCACert": "MIIDDzCCAragAwIBAgIU...m2Jx3EZF6GLDlPSiQ==",
                    "nameIdFormat": "kerberos"
                }
            ],
            "username": "jilldoe"
        },
        "appTXID": "exampleappTXID"
    }


svcinfo Description

| Value | Explanation |
|---|---|
| did | Unique identifier for a cryptographic domain within SKFS. Unless using a StrongKey Tellaro appliance, this defaults to 1. |
| protocol | The FIDO protocol to be used in this request (FIDO2_0). |
| authtype | The type of authentication supplied in this service request—it must be PASSWORD or HMAC (see API Security for details); the example shown here is for PASSWORD type of authentication. |
| svcusername | The username of the service credential requesting this web service. |
| svcpassword | The password of the service credential requesting this web service. |

When PASSWORD authtype is used, SKFS uses entries in a previously configured Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) to authenticate the credential (see Manage Credentials under [SKFS ⇒ Administration ⇒ Security] for details).

payload Description

| Value | Explanation |
|---|---|
| jwt | JSON Web Token (JWT) conforming to RFC 7519 that was provided when the user was authenticated. |
| ssorequest | An array of JSON objects, each containing the saml, applicationName, TLSCACert, and nameIdFormat values described in the next four rows. |
| saml | The Base64-encoded SAML Request sent by a service provider in an SP-initiated Single Sign-On (SSO) flow. |
| applicationName | [OPTIONAL]: The string value for the application name. |
| TLSCACert | [OPTIONAL]: Base64 PEM-encoded string value for the TLS ClientAuth certificate of the user. |
| nameIdFormat | [OPTIONAL]: The NameID format specifies how a user's identity is represented within a SAML assertion. It is a crucial part of how identity providers and service providers exchange information about users. By default, the value for NameID format is kerberos. It can take the values kerberos, emailaddress, or subjectname. |
| username | A string containing the name of the application user, so that it is easily accessible to the web application. |

appTXID Description

| Value | Explanation |
|---|---|
| appTXID | An optional string within any SKFS web service request body's payload JSON object that, if added, will attach the appTXID value to the TXID logged by the server. |
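
The request body described above, assembled in Python as an added example (not StrongKey's code), with the optional ssorequest members omitted when unset and a copy that masks svcpassword and jwt before the body is written to a log. The helper names `build_silentauth_body` and `redact_for_log` are hypothetical, the saml value is assumed to be plain Base64 of the service provider's XML, and all sample values are constructed.

```python
import base64
import copy
import json

NAME_ID_FORMATS = {"kerberos", "emailaddress", "subjectname"}  # values listed on this page

def build_silentauth_body(svcusername, svcpassword, jwt, saml_xml, username,
                          did=1, application_name=None, tls_ca_cert=None,
                          name_id_format=None, app_txid=None):
    """Assemble the PASSWORD-authtype FIDO2_0 body shown above (hypothetical helper)."""
    if not (svcusername and svcpassword and jwt and username):
        raise ValueError("svcusername, svcpassword, jwt and username are required")
    if name_id_format is not None and name_id_format not in NAME_ID_FORMATS:
        raise ValueError(f"nameIdFormat must be one of {sorted(NAME_ID_FORMATS)}")
    # Assumption: plain Base64 of the SP's XML, as the page's sample value suggests.
    sso = {"saml": base64.b64encode(saml_xml.encode("utf-8")).decode("ascii")}
    # Optional members are left out entirely when not supplied.
    for key, value in (("applicationName", application_name),
                       ("TLSCACert", tls_ca_cert),
                       ("nameIdFormat", name_id_format)):
        if value is not None:
            sso[key] = value
    body = {
        "svcinfo": {"did": did, "protocol": "FIDO2_0", "authtype": "PASSWORD",
                    "svcusername": svcusername, "svcpassword": svcpassword},
        "payload": {"jwt": jwt, "ssorequest": [sso], "username": username},
    }
    if app_txid is not None:
        body["appTXID"] = app_txid  # top-level member, as in the page's sample body
    return body

def redact_for_log(body):
    """Return a copy safe to log: the service password and the user's JWT are masked."""
    safe = copy.deepcopy(body)
    safe["svcinfo"]["svcpassword"] = "<redacted>"
    safe["payload"]["jwt"] = "<redacted>"
    return safe

if __name__ == "__main__":
    # Constructed sample input; none of these values come from a real deployment.
    demo = build_silentauth_body(
        svcusername="svcfidouser", svcpassword="constructed-secret",
        jwt="constructed.jwt.value",
        saml_xml="<samlp:AuthnRequest ID='_constructed'></samlp:AuthnRequest>",
        username="jilldoe", application_name="jmeter", app_txid="exampleappTXID")
    print(json.dumps(redact_for_log(demo), indent=2))
```

In a deployment the service password would come from a secret store or environment variable rather than a literal in the calling code.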