Product Documentation

    SKFS can be configured to send different responses based on the following configuration properties:

    1. skfs.cfg.property.return.MDS
    2. skfs.cfg.property.jwt.create (Click here for detailed jwt description)
    3. skfs.cfg.property.return.responsedetail

     

    Default response

    A successful default FIDO2_0 response with the three configuration properties defined above set to false (accompanied by a 200 OK) will look similar to the following:

    {
        "Response":"Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "jwt":""
    }

     

    Response with JWT

    If "skfs.cfg.property.jwt.create" is set to true, the response will look similar to the following. Click here for an example.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "jwt": "eyJhb..."
    }

     

    Response with SAML

    If "skfs.cfg.property.generate.saml.response" is set to true, the response will look similar to the following.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "saml": "eyJhb..."
    }

     

    Response with JWT and SAML

    If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.generate.saml.response" are set to true, the response will look similar to the following. Click here for an example.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "jwt" : "eyaca..."
        "saml": "eyJhb..."
    }

     

    Detailed response (default)

    If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, "skfs.cfg.property.return.responsedetail.format" is set to default and "skfs.cfg.property.auth.return.responselevel" is set to 0, the response will look similar to the following. Click here for an example.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "responseDetail": {
            "responseFormat": "default",
              ...
        },
        "keyInfo": {
          ...
        },
        "jwt": "eyJhb..."
    }

    If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, "skfs.cfg.property.return.responsedetail.format" is set to default and "skfs.cfg.property.auth.return.responselevel" is set to 1, the response will look similar to the following. Click here for an example.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "responseDetail": {
            "responseFormat": "default",
              ...
        },
        "keyInfo": {
          ...
        },
        "jwt": "eyJhb..."
    }


    Detailed response (webauthn2 format)

    If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to webauthn2, the response will look similar to the following. Click here for an example.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "responseDetail": {
            "responseFormat": "webauthn2",
              ...
        },
        "keyInfo": {
          ...
        },
        "jwt": "eyJhb..."
    }


    Response with metadata

    If "skfs.cfg.property.jwt.create" and "skfs.cfg.property.return.MDS" are set to true , the response will look similar to the following. Click here for an example.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "mdsEntry": {
          ...
        },
        "jwt": "eyJhb..."
    }


    Detailed response (default) with metadata

    If "skfs.cfg.property.jwt.create", "skfs.cfg.property.return.MDS", and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to default, the response will look similar to the following. Click here for an example.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "mdsEntry": {
          ...
        },
        "responseDetail": {
            "responseFormat": "default",
              ...
        },
        "keyInfo": {
          ...
        },
        "jwt": "eyJhb..."
    }


    Detailed response (webauthn2 format) with metadata

    If "skfs.cfg.property.jwt.create", "skfs.cfg.property.return.MDS" and "skfs.cfg.property.return.responsedetail" are set to true, and "skfs.cfg.property.return.responsedetail.format" is set to webauthn2, the response will look similar to the following. Click here for an example.

    {
        "Response": "Successfully processed sign response",
        "responseCode": "FIDO-MSG-0008",
        "username": "testuser",
        "mdsEntry": {
          ...
        },
        "responseDetail": {
            "responseFormat": "webauthn2",
              ...
        },
        "keyInfo": {
          ...
        },
        "jwt": "eyJhb..."
    }