Product Documentation

The following request body is sent during the registration call:

  • URL: https://<FQDN>:<PORT>/skfs/rest/register

  • HTTP Method: POST

  • FIDO2_0 request body:
    {
      "svcinfo": {
        "did": 1,
        "protocol": "FIDO2_0",
        "authtype": "PASSWORD",
        "svcusername": "svcfidouser",
        "svcpassword": "Abcd1234!"
      },
      "payload": {
        "publicKeyCredential": {
          "id": "MBDVxPOZ5To939FLGuhTPaaMA1jqTvajZrqWKbnI81yhEndkjQPbL7Q6W5TerIq_rowNstdvrXCLsOw4aO1-xJB-Q4-WkNPMdYhIiN9yt0rRIiev917ezeNzwIosjrN99MUHR_J_Sw6Js4Q49mllAgZ-gaxnqd7pmIX_V6B7oDfWaKmvImwxo3pGXqXb-6pboouYVbiMl6WA-TooklND0pIXWxdp2SvbfkoIur-c8wA",
          "rawId": "MBDVxPOZ5To939FLGuhTPaaMA1jqTvajZrqWKbnI81yhEndkjQPbL7Q6W5TerIq_rowNstdvrXCLsOw4aO1-xJB-Q4-WkNPMdYhIiN9yt0rRIiev917ezeNzwIosjrN99MUHR_J_Sw6Js4Q49mllAgZ-gaxnqd7pmIX_V6B7oDfWaKmvImwxo3pGXqXb-6pboouYVbiMl6WA-TooklND0pIXWxdp2SvbfkoIur-c8wA",
          "response": {
            "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEgwRgIhAJ4iYNBFTz_LTi37Dts5HDpHpEnqBK6y_ZE2LuwHWR_OAiEA_-RFrFoDVkqYUTf-0DDnvsU5FT8wqheH4pHbyvqjh_…_RNGe9fROBHi8YMAwGCCqGSM49BAMCBQADSQAwRgIhAO0W0djQrcjEMIshhjgA8vKwx4zRT5WRvCKfZK_YgCorAiEAot3DQBY0y9N_rJOwtZYo-yUOpju64X3QzHw10o3oMLloYXV0aERhdGFZATSyyBYoH-owyRyy_WxSXxKdk4SXIbgPcYuaz8s47lSqOkEAAAAAAAAAAAAAAAAAAAAAAAAAAACwMBDVxPOZ5To939FLGuhTPaaMA1jqTvajZrqWKbnI81yhEndkjQPbL7Q6W5TerIq_rowNstdvrXCLsOw4aO1-xJB-Q4-WkNPMdYhIiN9yt0rRIiev917ezeNzwIosjrN99MUHR_J_Sw6Js4Q49mllAgZ-gaxnqd7pmIX_V6B7oDfWaKmvImwxo3pGXqXb-6pboouYVbiMl6WA-TooklND0pIXWxdp2SvbfkoIur-c8wClAQIDJiABIVggYuHJDPmHnCV9BJSQoPFp1r05eYfEzavw3JRQzLPg7tYiWCCCLNLY2cuivtzxnwOSYHhKYOPHMmTcyRW4_Jy2IUZqFA",
            "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiRkNNMHV0SWxwNEt3NG8yRHB6bnI1USIsIm9yaWdpbiI6Imh0dHBzOi8vc2FrYTIwOS5zdHJvbmdhdXRoLmNvbSJ9"
          },
          "type": "public-key"
        },
        "strongkeyMetadata": {
          "version": "1.0",
          "create_location": "Sunnyvale, CA",
          "origin": "https://<FQDN>",
          "username": "johndoe"
        },
        "appTXID": "exampleappTXID"
      }
    }
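
Below is an added Python example, not StrongKey's own code and not part of this documentation, that assembles this request body from the raw bytes a WebAuthn client returns and posts it to the register endpoint. It assumes (both assumptions made here, not stated on this page) that the endpoint accepts the body as application/json and that the service credential's password is read from an environment variable named SKFS_SVC_PASSWORD rather than hardcoded; the placeholder credential bytes at the top are constructed for illustration only.

```python
import base64
import json
import os
import urllib.request

# Constructed placeholder inputs (not a real credential). In practice these bytes
# come from the WebAuthn client's PublicKeyCredential after navigator.credentials.create().
SAMPLE_RAW_ID = bytes(range(16))
SAMPLE_ATTESTATION_OBJECT = b"\xa3cfmtfpacked"  # truncated CBOR placeholder, constructed
SAMPLE_CLIENT_DATA_JSON = json.dumps({
    "type": "webauthn.create",
    "challenge": "FCM0utIlp4Kw4o2Dpznr5Q",
    "origin": "https://saka209.strongauth.com",
}).encode("utf-8")


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, the encoding used for id, rawId and the response fields."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_register_request(raw_id, attestation_object, client_data_json, *, username, origin,
                           svc_username, svc_password, did=1, create_location=None, app_txid=None):
    """Assemble the FIDO2_0 register body. id and rawId are both the Base64url form of the
    same credential ID bytes; create_location and appTXID are only emitted when supplied."""
    credential_id = b64url_encode(raw_id)
    metadata = {"version": "1.0", "origin": origin, "username": username}
    if create_location is not None:
        metadata["create_location"] = create_location
    payload = {
        "publicKeyCredential": {
            "id": credential_id,
            "rawId": credential_id,
            "response": {
                "attestationObject": b64url_encode(attestation_object),
                "clientDataJSON": b64url_encode(client_data_json),
            },
            "type": "public-key",
        },
        "strongkeyMetadata": metadata,
    }
    if app_txid is not None:
        payload["appTXID"] = app_txid
    return {
        "svcinfo": {"did": did, "protocol": "FIDO2_0", "authtype": "PASSWORD",
                    "svcusername": svc_username, "svcpassword": svc_password},
        "payload": payload,
    }


def send_register(body, base_url, timeout=10):
    """POST the body to <base_url>/skfs/rest/register over HTTPS and return the parsed reply.
    Assumes the endpoint accepts application/json (an assumption of this example)."""
    request = urllib.request.Request(
        f"{base_url}/skfs/rest/register",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.loads(response.read().decode("utf-8"))


if __name__ == "__main__":
    body = build_register_request(
        SAMPLE_RAW_ID, SAMPLE_ATTESTATION_OBJECT, SAMPLE_CLIENT_DATA_JSON,
        username="johndoe", origin="https://<FQDN>",
        svc_username="svcfidouser",
        svc_password=os.environ.get("SKFS_SVC_PASSWORD", "<set SKFS_SVC_PASSWORD>"),
        create_location="Sunnyvale, CA", app_txid="exampleappTXID",
    )
    print(json.dumps(body, indent=2))
    # send_register(body, "https://<FQDN>:<PORT>")  # enable once a real SKFS host is configured
```

Run as a script it prints the assembled body; the send_register call stays commented out until the FQDN and port of a real SKFS are filled in. Note that id and rawId are both the Base64url encoding, without padding, of the same credential ID bytes, which is why the helper strips the trailing '=' characters.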

svcinfo Description

  • did: Unique identifier for an SKFS cryptographic domain. Unless you are using a StrongKey Tellaro appliance, this defaults to 1.

  • protocol: The FIDO protocol to be used in this request (FIDO2_0).

  • authtype: The type of authentication supplied in this service request; it must be PASSWORD or HMAC (see API Security for details). The example shown here uses PASSWORD authentication.

  • svcusername: The username of the service credential requesting this web service.

  • svcpassword: The password of the service credential requesting this web service.

When the PASSWORD authtype is used, SKFS authenticates the credential against entries in a previously configured Lightweight Directory Access Protocol (LDAP) directory or Active Directory (AD) (see Manage Credentials [SKFS ⇒ Administration ⇒ Security] for details).

payload Description

publicKeyCredential JSON Object Description

  • id: The FIDO credential identifier. Also known as credentialId within the JavaScript API, Web Authentication (WebAuthn), it is the Base64url encoding of the credential's raw identifier.

    NOTE: This value is used by FIDO authenticators to uniquely identify a specific credential registered at a specific RP site.

  • rawId: An ArrayBuffer containing the raw byte sequence of the credentialId.

  • attestationObject: A complex data structure with information an RP should use to determine whether to accept the registration and use the newly generated credential to authenticate the user. This attribute is embedded inside the response object within publicKeyCredential.

    NOTE: SKFS relies heavily on this object to determine whether the generated credential, and the authenticator that generated it, conform to the security policy defined within SKFS. As a result, RP applications that must comply with regulations such as GDPR, PSD2, etc., or that require high levels of security, must ensure that their SKFS policy requires an attestation object.

  • clientDataJSON: A serialized representation of a JSON structure whose message digest (hash) is digitally signed by the FIDO Authenticator in response to a FIDO signing operation. This attribute is also embedded inside the response object within publicKeyCredential.

    NOTE: This object represents the most important result of a FIDO signing operation: it is what provides cryptographic evidence that the right challenge was signed with the right credential registered at this RP.

  • type: The type of credential; in the case of FIDO, this will always be public-key.
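
As an added example (not StrongKey's code and not part of this documentation), the following Python decodes the clientDataJSON value from the sample request above and performs the checks an RP makes on it: the type is webauthn.create, the challenge is the one the RP issued, and the origin is the RP's own. The expected origin and challenge used below are simply the ones found inside the sample value once decoded; in a real deployment the challenge comes from the preregister step, which this page does not cover. The client-data hash function shows which bytes the authenticator signs together with the authenticator data.

```python
import base64
import hashlib
import hmac
import json

# The clientDataJSON value from the sample register request above (copied from the page).
SAMPLE_CLIENT_DATA_JSON = (
    "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiRkNNMHV0SWxwNEt3NG8yRHB6bnI1USIs"
    "Im9yaWdpbiI6Imh0dHBzOi8vc2FrYTIwOS5zdHJvbmdhdXRoLmNvbSJ9"
)


def b64url_decode(value: str) -> bytes:
    """Base64url with or without '=' padding (WebAuthn clients omit it)."""
    stripped = value.rstrip("=")
    return base64.urlsafe_b64decode(stripped + "=" * (-len(stripped) % 4))


def parse_client_data(client_data_b64: str) -> dict:
    """Decode the serialized client data into its JSON fields (type, challenge, origin, ...)."""
    return json.loads(b64url_decode(client_data_b64))


def client_data_hash(client_data_b64: str) -> bytes:
    """SHA-256 over the exact serialized bytes as received. This digest, concatenated with the
    authenticator data, is what the authenticator signs; re-serializing the parsed dict would
    change the bytes and break signature verification."""
    return hashlib.sha256(b64url_decode(client_data_b64)).digest()


def validate_client_data(client_data_b64, expected_origin, expected_challenge,
                         expected_type="webauthn.create"):
    """Return (True, 'ok') when type, challenge and origin all match, else (False, reason)."""
    try:
        data = parse_client_data(client_data_b64)
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        return False, "clientDataJSON is not valid base64url-encoded JSON"
    if not isinstance(data, dict):
        return False, "clientDataJSON is not a JSON object"
    if data.get("type") != expected_type:
        return False, f"unexpected type {data.get('type')!r}"
    try:
        presented = b64url_decode(str(data.get("challenge", "")))
        expected = b64url_decode(expected_challenge)
    except ValueError:
        return False, "challenge is not valid base64url"
    # Compare the decoded challenge bytes in constant time; comparing the Base64url strings
    # directly would wrongly reject a client that pads (or does not pad) the value.
    if not hmac.compare_digest(presented, expected):
        return False, "challenge does not match the one issued for this registration"
    if data.get("origin") != expected_origin:
        return False, f"origin {data.get('origin')!r} is not the RP origin"
    return True, "ok"


if __name__ == "__main__":
    fields = parse_client_data(SAMPLE_CLIENT_DATA_JSON)
    ok, reason = validate_client_data(
        SAMPLE_CLIENT_DATA_JSON, fields["origin"], fields["challenge"])
    print(fields, ok, reason, client_data_hash(SAMPLE_CLIENT_DATA_JSON).hex())
```

An origin mismatch here is the signal that the credential was created on a page that is not the RP (for example a look-alike site), and a challenge mismatch indicates a replayed or fabricated response; both are rejected before any signature is examined.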

strongkeyMetadata Description

  • version: The version number of the strongkeyMetadata JSON object embedded in the web service request. This JSON object carries data that are useful to the RP application but not critical to the FIDO capabilities; applications can extend it and rely upon it for business use-cases.

  • create_location: If available and enabled on the client device, this attribute carries the location resolved from Global Positioning System (GPS) coordinates obtained by the application.

  • origin: A string holding the RP origin (RFC-6525 representation of the application’s URL), so it is easily accessible to the web application.

  • username: A string holding the name of the user using the application, so it is easily accessible to the web application.

appTXID Description

  • appTXID: An optional string within the payload JSON object of any SKFS web service request body. If supplied, its value is attached to the TXID the server logs for this request.