The following request body is sent during the authorize call:
<?xml version="1.0" ?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Body>
    <ns2:authorize xmlns:ns2="http://soap.skfs.strongauth.com/">
      <svcinfo>
        {
          "did": 1,
          "protocol": "FIDO2_0",
          "authtype": "PASSWORD",
          "svcusername": "svcfidouser",
          "svcpassword": "Abcd1234!"
        }
      </svcinfo>
      <payload>
        {
          "txid": "254900MS6G5FQCUJMZ97-TELLARO-1631149799",
          "txpayload": "ewogICAgIm1lcmNoYW50TmFtZSI6ICJTdHJvbmdLZXkiLAogICAgImN1cnJlbmN5IjogIlVTRCIsCiAgICAidG90YWxQcmljZSI6ICIxNDk5NSIsCiAgICAiY2FyZEJyYW5kIjogIkFtZXgiLAogICAgImNhcmRMYXN0NCI6ICJ4LTEyMzQiLAogICAgInR4aWQiOiAiMjU0OTAwTVM2RzVGUUNVSk1aOTctVEVMTEFSTy0xNjMxMTQ5Nzk5IiwKICAgICJ0eGRhdGUiOiAiVGh1IFNlcCA4IDE3OjAyOjU2IFBEVCAyMDIxIgp9",
          "publicKeyCredential": {
            "id": "WBQ0-B9MOEC2LwUn4Vi2K5uA_iDhg3oj7ZJiWG9A5ViFQO6yW1xtf9RGPX-f-Zx3BuS0xavJRey8mJuazZDOAGTnWc3JGH7UGTQzrcwhgizmDJ4t1MrLLjAYQrp64ML_LS9bpWe6_iaAhNHJTDhbeJcgB-Dfigu22xRfSdWbDNacloqveMoSUXuXO8ogJA0AWSq9nxL9MjI7YYV7Z3KOtg36JBe8crPuleQ5Ru_0L30",
            "rawId": "WBQ0-B9MOEC2LwUn4Vi2K5uA_iDhg3oj7ZJiWG9A5ViFQO6yW1xtf9RGPX-f-Zx3BuS0xavJRey8mJuazZDOAGTnWc3JGH7UGTQzrcwhgizmDJ4t1MrLLjAYQrp64ML_LS9bpWe6_iaAhNHJTDhbeJcgB-Dfigu22xRfSdWbDNacloqveMoSUXuXO8ogJA0AWSq9nxL9MjI7YYV7Z3KOtg36JBe8crPuleQ5Ru_0L30",
            "type": "public-key",
            "response": {
              "authenticatorData": "WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMBAAAAZA",
              "signature": "MEYCIQCpAyCmCF0Wh84FxDN6TTeUe5nM-LJAUkd4S8kFq-oQqwIhAIaznWJadSphIMXuoDWMUHrjczGEYRfoilvC9VMfRWpD",
              "userHandle": "",
              "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiT1BiU3QzWWtiYUZGOFNXdnlMTzkzSDNoSTdSN1hwNHM2UEFsWnZqY210USIsIm9yaWdpbiI6Imh0dHBzOi8vZmlkb3Rlc3Quc3Ryb25na2V5LmNvbSJ9"
            }
          },
          "appTXID": "exampleappTXID"
        }
      </payload>
      <strongkeyMetadata>
        {
          "version": "1.0",
          "last_used_location": "Sunnyvale, CA",
          "username": "test5",
          "origin": "https://fidotest.strongkey.com"
        }
      </strongkeyMetadata>
    </ns2:authorize>
  </S:Body>
</S:Envelope>

| Value | Explanation |
| --- | --- |
| did | Unique identifier for a cryptographic domain within SKFS. Unless using a StrongKey Tellaro appliance, this defaults to 1. |
| protocol | The FIDO protocol to be used in this request (FIDO2_0). |
| authtype | The type of authentication supplied in this service request—it must be PASSWORD or HMAC (see API Security for details); the example shown here is for PASSWORD authtype. |
| svcusername | The username of the service credential requesting this web service. |
| svcpassword | The password of the service credential requesting this web service. When PASSWORD type of authentication is used, the SKFS uses entries in a previously configured Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) to authenticate the credential (see Manage Credentials under [ SKFS ⇒ Administration ⇒ Security ] for details). |

| Value | Explanation |
| --- | --- |
| txid | A string with a maximum length of 256 characters that represents a business application-defined unique transaction identifier. It can be anything that is appropriate to the business application. Some examples are shown below: |
| txpayload | This is the base64url-encoded object that resembles the following—it must be precisely what the application sent to the mobile app for transaction authorization: ewogICAgIm1lcmNoYW50TmFtZSI6ICJTdHJvbmdLZXkiLAogICAgImN1cnJlbmN5IjogIlVTRCIsCiAgICAidG90YWxQcmljZSI6ICIxNDk5NSIsCiAgICAiY2FyZEJyYW5kIjogIkFtZXgiLAogICAgImNhcmRMYXN0NCI6ICJ4LTEyMzQiLAogICAgInR4aWQiOiAiMjU0OTAwTVM2RzVGUUNVSk1aOTctVEVMTEFSTy0xNjMxMTQ5Nzk5IiwKICAgICJ0eGRhdGUiOiAiVGh1IFNlcCA4IDE3OjAyOjU2IFBEVCAyMDIxIgp9 |
| appTXID | An optional string within any SKFS web service request body's payload JSON object that, if added, will attach the appTXID value to the TXID logged by the server. |

| Value | Explanation |
| --- | --- |
| id | The identifier of the FIDO credential. Also known as credentialId within the JavaScript API—Web Authentication (WebAuthn)—it returns a Base64url encoding of the FIDO credential. |
| rawId | An implementation of an ArrayBuffer containing the raw byte sequence of the credentialId. |
| type | This attribute specifies the credential type represented by this object; in the case of FIDO/WebAuthn protocols, this is always public-key. |

| Value | Explanation |
| --- | --- |
| authenticatorData | A complex data structure with information an RP should use to determine if they will accept the assertion and use the digital signature to confirm the transaction by the user. |
| signature | This attribute contains the raw signature returned from the authenticator. See §6.3.3 The authenticatorGetAssertion Operation. |
| userHandle | This attribute contains the user handle returned from the authenticator, or null if the authenticator did not return a user handle. See §6.3.3 The authenticatorGetAssertion Operation. |
| clientDataJSON | A serialized representation of a JSON structure whose message digest (a.k.a. hash) is digitally signed by the FIDO Authenticator in response to a FIDO signing operation. |

| Value | Explanation |
| --- | --- |
| version | This attribute describes the version number of the strongkeyMetadata JSON object embedded in the web service request. This JSON object provides useful information to the RP application that is not critical to the FIDO capabilities—but something applications can extend and rely upon for business use-cases. |
| create_location | If available and enabled on the client device, this attribute provides the resolution of Global Positioning System (GPS) coordinates ascertained by applications. |
| origin | This is a string of the RP origin (RFC-6525 representation of the application’s URL) so it can be easily accessible to the web application. |
| username | This is a string of the application user name so it can be easily accessible to the web application. |
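
An added example, not part of the StrongKey documentation: a consistency check an RP application could run on the payload and strongkeyMetadata objects before calling authorize, covering the txid limit, the exact-match rule for txpayload, and the decoded clientDataJSON and authenticatorData fields. The function names, the sent_txpayload argument and the transaction object are assumptions made for the example; the txid, authenticatorData and clientDataJSON values are those of the sample request above, and the rpIdHash, flags, signCount layout is the one defined by the WebAuthn specification.

```python
import base64, json

def b64url_decode(s):
    """Decode unpadded base64url, the encoding used throughout the payload."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def parse_authenticator_data(b64):
    """Split authenticatorData into rpIdHash (32) | flags (1) | signCount (4)."""
    raw = b64url_decode(b64)
    if len(raw) < 37:
        raise ValueError("authenticatorData shorter than 37 bytes")
    return {"rp_id_hash": raw[:32].hex(),
            "up": bool(raw[32] & 0x01),   # user present
            "uv": bool(raw[32] & 0x04),   # user verified
            "sign_count": int.from_bytes(raw[33:37], "big")}

def check_authorize_payload(payload, metadata, sent_txpayload):
    """Return the problems found; an empty list means the fields are consistent."""
    problems = []
    if not 0 < len(payload.get("txid", "")) <= 256:
        problems.append("txid missing or longer than 256 characters")
    if payload.get("txpayload") != sent_txpayload:  # exact match, never re-serialize
        problems.append("txpayload differs from what was sent to the mobile app")
    cred = payload.get("publicKeyCredential", {})
    if cred.get("type") != "public-key":
        problems.append("credential type is not public-key")
    try:
        client = json.loads(b64url_decode(cred["response"]["clientDataJSON"]))
        auth = parse_authenticator_data(cred["response"]["authenticatorData"])
    except (KeyError, ValueError) as exc:
        return problems + [f"malformed assertion response: {exc!r}"]
    if client.get("type") != "webauthn.get":
        problems.append("clientDataJSON type is not webauthn.get")
    if client.get("origin") != metadata.get("origin"):
        problems.append("clientDataJSON origin does not match strongkeyMetadata origin")
    if not auth["up"]:
        problems.append("user-presence flag is not set")
    return problems

# TXID, AUTH_DATA, CLIENT_DATA: from the sample request. SENT: constructed for this example.
TXID = "254900MS6G5FQCUJMZ97-TELLARO-1631149799"
SENT = base64.urlsafe_b64encode(json.dumps(
    {"merchantName": "StrongKey", "totalPrice": "14995", "txid": TXID}).encode()).decode().rstrip("=")
AUTH_DATA = "WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMBAAAAZA"
CLIENT_DATA = "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiT1BiU3QzWWtiYUZGOFNXdnlMTzkzSDNoSTdSN1hwNHM2UEFsWnZqY210USIsIm9yaWdpbiI6Imh0dHBzOi8vZmlkb3Rlc3Quc3Ryb25na2V5LmNvbSJ9"
SAMPLE = {"txid": TXID, "txpayload": SENT, "publicKeyCredential": {"type": "public-key",
          "response": {"authenticatorData": AUTH_DATA, "clientDataJSON": CLIENT_DATA}}}
METADATA = {"origin": "https://fidotest.strongkey.com"}

print(check_authorize_payload(SAMPLE, METADATA, SENT))
```

These checks only catch inconsistent input before the web service call; they do not verify the assertion signature.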