Product Documentation

The following request body is sent during the getkeysinfo call:

  • URL: https://<FQDN>:<PORT>/skfs/soap?wsdl

  • SOAP Action: http://soap.skfs.strongauth.com/SKFSServlet/getkeysinfoRequest

  • FIDO2_0 request body:
    <?xml version="1.0" ?>
      <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
        <S:Body>
          <ns2:getkeysinfo xmlns:ns2="http://soap.skfs.strongauth.com/">
            <svcinfo>
            {
              "did":1,
              "protocol":"FIDO2_0",
              "authtype":"PASSWORD",
              "svcusername":"svcfidouser",
              "svcpassword":"Abcd1234!"
            }
            </svcinfo>
            <payload>
            {
              "username":"testuser",
              "appTXID": "exampleappTXID"
            }
            </payload>
          </ns2:getkeysinfo>
        </S:Body>
      </S:Envelope>

 

svcinfo Description

Value

Explanation

did

Unique identifier for a cryptographic domain within the SKFS. Unless using a StrongKey Tellaro appliance, this defaults to 1.

protocol

The FIDO protocol to be used in this request (FIDO2_0).

authtype

The type of authentication supplied in this service request - it must be PASSWORD or HMAC (see API Security for details); the example shown here is for PASSWORD type of authentication.

svcusername

The username of the service credential requesting this web service.

svcpassword

The password of the service credential requesting this web service.

When PASSWORD authtype is used, SKFS uses entries in a previously configured Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) to authenticate the credential (see Manage Credentials under [ SKFS ⇒ Administration ⇒ Security ] for details).

 

payload Description

username

A string identifying the user uniquely within the application.

NOTE: While it is traditional for web applications to register users with their e-mail addresses, new privacy regulations (such as the the EU's General Data Protection Regulation, a.k.a. GDPR, or the California Consumer Privacy Act, a.k.a. CCPA) might require that applications protect this personally identifiable information (PII).

     It is recommended that applications get the e-mail address from the user as part of the registration process, but that applications also generate a randomly generated string—such as a UUID—as the username in this web service. This will ensure that the SKFS database holds no information that could be deemed PII.

     To identify users, applications may choose to still prompt them for an e-mail address; but once identified, the web application could use the UUID associated with that user in this parameter to register a FIDO credential for that user.

appTXID

An optional string within any SKFS web service request body's payload JSON object that, if added, will attach the appTXID value to the TXID logged by the server.