SKFS can be configured to send different responses based on the following configuration properties:
- skfs.cfg.property.jwt.create (Click here for detailed jwt description)
- skfs.cfg.property..saml.response
- skfs.cfg.property.return.responsedetail
- skfs.cfg.property.return.MDS
Default response
A successful default FIDO2_0 response with the four configuration properties defined above set to false (accompanied by a 200 OK) will look similar to the following:
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "johndoe",
"jwt": "",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-77-1717793850650"
}
Response with JWT
If "skfs.cfg.property.jwt.create" is set to true, the response will look similar to the following. Click here for Example1.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "johndoe",
"jwt": "eyJhbG......",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-77-1717793850650"
}
Response with SAML
If "skfs.cfg.property.generate.saml.response" is set to true, the response will look similar to the following. Click here for Example2.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "johndoe",
"saml": "eyJhb...",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Response with JWT and SAML
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.generate.saml.response" are set to true, the response will look similar to the following. Click here for Example3.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"jwt" : "eyaca...",
"saml": "eyJhb...",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Detailed response (default)
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, "skfs.cfg.property.return.responsedetail.format" is set to default and "skfs.cfg.property.auth.return.responselevel" is set to 1 (by default), the response will look similar to the following. Click here for example4.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"responseDetail": {
"responseFormat": "default",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, "skfs.cfg.property.return.responsedetail.format" is set to default and "skfs.cfg.property.auth.return.responselevel" is set to 0, the response will look similar to the following.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"responseDetail": {
"responseFormat": "default",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb..."
}
Detailed response (webauthn2 format)
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to webauthn2, the response will look similar to the following. Click here for an example5.
{
"Response": "Successfully processed sign response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"responseDetail": {
"responseFormat": "webauthn2",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Response with metadata
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.MDS" are set to true , the response will look similar to the following. Click here for example6.
{
"Response": "Successfully processed sign response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"mdsEntry": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Detailed response (default) with metadata
If "skfs.cfg.property.jwt.create", "skfs.cfg.property.return.MDS", and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to default, the response will look similar to the following. Click here for Example7
{
"Response": "Successfully processed sign response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"mdsEntry": {
...
},
"responseDetail": {
"responseFormat": "default",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Detailed response (webauthn2 format) with metadata
If "skfs.cfg.property.jwt.create", "skfs.cfg.property.return.MDS" and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to webauthn2, the response will look similar to the following. Click here for Example8
{
"Response": "Successfully processed sign response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"mdsEntry": {
...
},
"responseDetail": {
"responseFormat": "webauthn2",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.14.0",
"registrationVersion": "4.14.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}