SKFS can be configured to send different responses based on the following configuration properties:
- skfs.cfg.property.return.MDS
- skfs.cfg.property.jwt.create (Click here for detailed jwt description)
- skfs.cfg.property.return.responsedetail
Default response
A successful default FIDO2_0 response with the three configuration properties defined above set to false (accompanied by a 200 OK) will look similar to the following:
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "johndoe",
"jwt": "",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-77-1717793850650"
}
Response with JWT
If "skfs.cfg.property.jwt.create" is set to true, the response will look similar to the following. Click here for an example.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "johndoe",
"jwt": "eyJhbG......",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-77-1717793850650"
}
Response with SAML
If "skfs.cfg.property.generate.saml.response" is set to true, the response will look similar to the following.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "johndoe",
"saml": "eyJhb...",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Response with JWT and SAML
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.generate.saml.response" are set to true, the response will look similar to the following. Click here for an example.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"jwt" : "eyaca...",
"saml": "eyJhb...",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Detailed response (default)
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, "skfs.cfg.property.return.responsedetail.format" is set to default and "skfs.cfg.property.auth.return.responselevel" is set to 0, the response will look similar to the following. Click here for an example.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"responseDetail": {
"responseFormat": "default",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb..."
}
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, "skfs.cfg.property.return.responsedetail.format" is set to default and "skfs.cfg.property.auth.return.responselevel" is set to 1 (by default), the response will look similar to the following. Click here for an example.
{
"Response": "Successfully processed authentication response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"responseDetail": {
"responseFormat": "default",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Detailed response (webauthn2 format)
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to webauthn2, the response will look similar to the following. Click here for an example.
{
"Response": "Successfully processed sign response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"responseDetail": {
"responseFormat": "webauthn2",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Response with metadata
If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.MDS" are set to true , the response will look similar to the following. Click here for an example.
{
"Response": "Successfully processed sign response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"mdsEntry": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Detailed response (default) with metadata
If "skfs.cfg.property.jwt.create", "skfs.cfg.property.return.MDS", and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to default, the response will look similar to the following. Click here for an example.
{
"Response": "Successfully processed sign response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"mdsEntry": {
...
},
"responseDetail": {
"responseFormat": "default",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}
Detailed response (webauthn2 format) with metadata
If "skfs.cfg.property.jwt.create", "skfs.cfg.property.return.MDS" and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to webauthn2, the response will look similar to the following. Click here for an example.
{
"Response": "Successfully processed sign response",
"responseCode": "FIDO-MSG-0008",
"username": "testuser",
"mdsEntry": {
...
},
"responseDetail": {
"responseFormat": "webauthn2",
...
},
"keyInfo": {
...
},
"jwt": "eyJhb...",
"skfsVersion": "4.13.0",
"registrationVersion": "4.13.0",
"skfsFQDN": "example.strongkey.com",
"TXID": "1-1-69-1717794572897"
}