- On a success, the web service will return the following JSON FIDO2_0 response with a 200 OK, including a list of registered FIDO keys for the user:
<?xml version='1.0' encoding='UTF-8'?> <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> <S:Body> <ns2:getkeysinfoResponse xmlns:ns2="http://soap.skfs.strongauth.com/"> <return>
{ "Response": { "keys": [{ "keyid": "1-1-johndoe-22", "fidoProtocol": "FIDO2_0", "credentialId": "JVfFNxwf6zK8WdLwJOrvDAZLdvYrryFpgJNFu-8zq75bPC7FSx47wIOyk4yDyEnQ0vlkWOKAMwYs15BW3xWJoDq0VkBIVWPHeUuRhDrqzclJ6nQJwW13M9RfdbGlgIo-aPK_Y4Wd0x6drSJIXSyJDzs7FdzFrj0PtpaanVA_1ie8qsACY5YKHgTjvp5yPxXkDu8z3nsGn6aQLmaAe5psaqJxyU3o8qofXVOCuV0HivI", "aaguid": "2fc0579f-8113-47ea-b116-bb5a8db9202a", "createLocation": "Cupertino, CA", "createDate": 1615845872000, "lastusedLocation": "Sunnyvale, CA", "lastUsedDate": 1616031951000, "modifyDate": 1616031951000, "status": "Active", "displayName": "Biometric Trustkey", "attestationFormat": "packed" }, { "keyid": "1-1-73567", "fidoProtocol": "FIDO2_0", "credentialId": "WBQ0-B9MOEC2LwUn4Vi2K5uA_iDhg3oj7ZJiWG9A5ViFQO6yW1xtf9RGPX-f-Zx3BuS0xavJRey8mJuazZDOAGTnWc3JGH7UGTQzrcwhgizmDJ4t1MrLLjAYQrp64ML_LS9bpWe6_iaAhNHJTDhbeJcgB-Dfigu22xRfSdWbDNacloqveMoSUXuXO8ogJA0AWSq9nxL9MjI7YYV7Z3KOtg36JBe8crPuleQ5Ru_0L30", "aaguid": "2fc0579f-8113-47ea-b116-bb5a8db9202a", "createLocation": "Cupertino, CA", "createDate": 1615845332000, "lastusedLocation": "Cupertino, CA", "lastUsedDate": 1624381242480, "modifyDate": 1624381242480, "status": "Active", "displayName": "Blue Yubikey", "attestationFormat": "packed" }] }, "responseCode":"FIDO-MSG-0012", "skfsVersion":"4.13.0", "skfsFQDN":"example.strongkey.com", "TXID":"1-1-74-1717802120311" }
</return>
</ns2:getkeysinfoResponse>
</S:Body>
</S:Envelope>
- On a success, with "skfs.cfg.property.return.MDS" set to true the web service will return the following JSON FIDO2_0 response with a 200 OK, including a list of registered FIDO keys for the user:
<?xml version='1.0' encoding='UTF-8'?> <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> <S:Body> <ns2:getkeysinfoResponse xmlns:ns2="http://soap.skfs.strongauth.com/"> <return> { "Response": { "keys": [{ "keyid": "1-1-johndoe-22", "fidoProtocol": "FIDO2_0", "credentialId": "JVfFNxwf6zK8WdLwJOrvDAZLdvYrryFpgJNFu-8zq75bPC7FSx47wIOyk4yDyEnQ0vlkWOKAMwYs15BW3xWJoDq0VkBIVWPHeUuRhDrqzclJ6nQJwW13M9RfdbGlgIo-aPK_Y4Wd0x6drSJIXSyJDzs7FdzFrj0PtpaanVA_1ie8qsACY5YKHgTjvp5yPxXkDu8z3nsGn6aQLmaAe5psaqJxyU3o8qofXVOCuV0HivI", "aaguid": "2fc0579f-8113-47ea-b116-bb5a8db9202a", "createLocation": "Cupertino, CA", "createDate": 1615845872000, "lastusedLocation": "Sunnyvale, CA", "lastUsedDate": 1616031951000, "modifyDate": 1616031951000, "status": "Active", "displayName": "Biometric Trustkey", "attestationFormat": "packed", "mdsEntry": null }, { "keyid": "1-1-73567", "fidoProtocol": "FIDO2_0", "credentialId": "WBQ0-B9MOEC2LwUn4Vi2K5uA_iDhg3oj7ZJiWG9A5ViFQO6yW1xtf9RGPX-f-Zx3BuS0xavJRey8mJuazZDOAGTnWc3JGH7UGTQzrcwhgizmDJ4t1MrLLjAYQrp64ML_LS9bpWe6_iaAhNHJTDhbeJcgB-Dfigu22xRfSdWbDNacloqveMoSUXuXO8ogJA0AWSq9nxL9MjI7YYV7Z3KOtg36JBe8crPuleQ5Ru_0L30", "aaguid": "2fc0579f-8113-47ea-b116-bb5a8db9202a", "createLocation": "Cupertino, CA", "createDate": 1615845332000, "lastusedLocation": "Cupertino, CA", "lastUsedDate": 1624381242480, "modifyDate": 1624381242480, "status": "Active", "displayName": "Blue Yubikey", "attestationFormat": "packed", "mdsEntry": { "aaguid": "6d44ba9b-f6ec-2e49-b930-0c8fe920cb73", "metadataStatement": { "legalHeader": "https://fidoalliance.org/metadata/metadata-statement-legal-header/", "aaguid": "6d44ba9b-f6ec-2e49-b930-0c8fe920cb73", "description": "Security Key by Yubico with NFC", "authenticatorVersion": 50100, "protocolFamily": "fido2", "schema": 3, "upv": [{ "major": 1, "minor": 0 }], "authenticationAlgorithms": ["ed25519_eddsa_sha512_raw", "secp256r1_ecdsa_sha256_raw"], "publicKeyAlgAndEncodings": ["cose"], "attestationTypes": ["basic_full"], "userVerificationDetails": [ [{ "userVerificationMethod": "presence_internal" }, { "userVerificationMethod": "none" }, { "userVerificationMethod": "passcode_internal", "caDesc": { "base": 64, "minLength": 4, "maxRetries": 8, "blockSlowdown": 0 } }] ], "keyProtection": ["hardware", "secure_element"], "matcherProtection": ["on_chip"], "cryptoStrength": 128, "attachmentHint": ["external", "wired", "wireless", "nfc"], "tcDisplay": [], "attestationRootCertificates": ["MIIDHjCCAgagAwIBAgIEG0BT9zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/jwYuhBVlqaiYWEMsrWFisgJ+PtM91eSrpI4TK7U53mwCIawSDHy8vUmk5N2KAj9abvT9NP5SMS1hQi3usxoYGonXQgfO6ZXyUA9a+KAkqdFnBnlyugSeCOep8EdZFfsaRFtMjkwz5Gcz2Py4vIYvCdMHPtwaz0bVuzneueIEz6TnQjE63Rdt2zbwnebwTG5ZybeWSwbzy+BJ34ZHcUhPAY89yJQXuE0IzMZFcEBbPNRbWECRKgjq//qT9nmDOFVlSRCt2wiqPSzluwn+v+suQEBsUjTGMEd25tKXXTkNW21wIWbxeSyUoTXwLvGS6xlwQSgNpk2qXYwf8iXg7VWZAgMBAAGjQjBAMB0GA1UdDgQWBBQgIvz0bNGJhjgpToksyKpP9xv9oDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAjvjuOMDSa+JXFCLyBKsycXtBVZsJ4Ue3LbaEsPY4MYN/hIQ5ZM5p7EjfcnMG4CtYkNsfNHc0AhBLdq45rnT87q/6O3vUEtNMafbhU6kthX7Y+9XFN9NpmYxr+ekVY5xOxi8h9JDIgoMP4VB1uS0aunL1IGqrNooL9mmFnL2kLVVee6/VR6C5+KSTCMCWppMuJIZII2v9o4dkoZ8Y7QRjQlLfYzd3qGtKbw7xaF1UsG/5xUb/Btwb2X2g4InpiB/yt/3CpQXpiWX/K4mBvUKiGn05ZsqeY1gx4g0xLBqcU9psmyPzK+Vsgw2jeRQ5JlKDyqE0hebfC1tvFu0CCrJFcw=="], "icon": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAfCAYAAACGVs+MAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAHYYAAB2GAV2iE4EAAAbNSURBVFhHpVd7TNV1FD/3d59weQSIgS9AQAXcFLAQZi9fpeVz1tY/WTZr5Wxpc7W5knLa5jI3Z85srS2nM2sjtWwZS7IUH4H4xCnEQx4DAZF74V7us885v9/lInBvVJ/B4Pv9nu/5nu/5nvM556fzA/Qv0Hb/IrX3VFKPo45cnm4inUIWYwLFRmZQUuwjFG/N1iRHh1EZ0NRVRudqt1Bd+2nSKyS/Ohys0+lk3e/3kQ9qvD4ZUta4VVSUuY0eipyiThAfocoORVgDuuw3qKRiAd3rbcEtjTjYIof6WaHsCmzVPWCMx+cgh8tLqWMKaMWsUjLqo2RtJIQ0oOzmerpQu4esZgsONkGxH7d0kdvTT17s4OMU7VI8ZhjgGaM+Aq9iENu8Pif1udz07MwvKWf8GlVoCEY04PC5WdTaXYFbR8vNvL5+3Kgfb5xNMya9RamJiynaMlGTVtFlr6ba9u+pqnEX4uMuRRgjSYEhrN7utFFe6lqal7Nfkw5imAGHynPpbk8VmY0xstnptlFCVCYtzTuBN83QpMLjTtevdPzSUnJ7e8mkjxZ39fXbKDfldZqbvU+TUgGnBVF6fQ2iPHg4W16UWUwvzbk16sMZE+Pn0pvz7JSeuAyes8lcpCmaKuo/p+qWr2UcwIAHWrvP0YEzhXAtLAbssHhp7iGamvyijP8ryqrXUWX9XoowxyAufNBrp43POBFXZlkf8MDRiqcpyowAwpuz2x+fWvz/Dtde9smszygtcR6C1wbdzBl6Olq5WNYY4oGathJMrkTEx0jARSHAVs+5rYkQNXb+QgfPLsQ6gXyInsreQfmpm7RVFYfL86n1fiUOkYvShkUPxvbukzoy6K1ihM1ho3XzW6EvSfXA+dpiWGaWd+doXzLzmGwKYFLCAsRAlPBAhMlCFXU7tBUVPr8HgVcJHWq+F00plr+DMTdrP4zvxY11kNMhxT+SeTGg+d4V5LQJityUGJNB8VFZsjgYBZM/II/XCTkj0qyDOpF2AVQ17CIjUp/DnT1UkL5F5gdj+sS1wg1gE3gigm60fCXzSnPXbyAPbIXv+IDpE16ThaHIS9skyhlmME5F3cfqAKhq2C0E5PH1gYaXaLPDkZG0HDJOnKWHp51I0z5SOux8e1WAuZzdHQrTkp8TmjXoI+la0wGZszubqbO3ifQ6A/W7vVSYsV3mR0JKwkKc4WHiBkmR8I3CCgI87oOL4qzT5P+RUJBejEOgAPK8hYPzatM+eITp2IO9yTQmeromPRxx1qxAcsile/ubSeEbcWQGYECghcLY2HyKjogjH25hMpjpUv1Ougli4eh2eRw0O32bJjkyuCgNzg0vzlYMSiSs0uoo4MG7hMOjCEaX1yFE0nSvjBzuTnEpK86Z8IoqFAIubw8kg9ArEaREWSZI+jH4Xbp6g9E9EnJT3oaRzDN+MUJBQDHn56a8oUmEBusOxBs/N5+tJEbPkAFDj8UGvOs/IWvcSglGBhvS7/FTYfpWGYdDY8fPAxWSA35sTC4p4+Lm4AaqIoPeQtfufK6Jh0ZhxlbsUXOSmXNifD5ZTAkyDofbbcclxnA8WNAqxCbRNykhXxQpaDw67fXUYbsiG0Khtv2oeIvh8rhQMYOcEAqXG/eI+zngOc5yxr8q82IAM1c/FLFOplqu5eFQXrMZzGcVCjYbLWG5I4BT1euRrlbxtNOtMitDDEhLXIIynAAvuOEWE3X3NdAft94VgaG42XIQt0ZX6PeCE/qQFe9rK6Hx7YU50KvH7fW4fS+q7KKBJxsggBX5pSAGh1jIrVh5zQ6w3RfaahBXm/aCbCZTjCUFUTyWZqW9p62MjJPXVqOrPgMO4Nv74Gkf+owftNVBDQnjFJqHSw17pXvhWW5KZqe/Q49N/USTCAVWoQXFIHBHXXe3FPrUDsuGDmtF/hHKTHpekxhiAOPI+SJq6S6HF4I9YWzkBJTo46iUMzWp8Pir/RiduLxKYsSksV8vLlOQvhGX2YlR0OBhBjC+u/gEcvY0ApK7Yk41NxjPSQnWFHTF66UrjgevB8Cu5a+l2vYSRPtuVDo73hhdMSHnUX7tTjsVZGxAl/WptiOIEQ1gnL29mX6/tR1tmlkYj8W4X+CSjWcUDGY1NpS/C7hSKqiMLM/l2QmSWZ73Ddz+gio8BCENYPQ46qnkzwXUbqvBkxjUQsWfZFgbuo3rAf+wN7jOO90+ynx4Pi3L+0nYL1SchDUgAP4gPV/7Id1q+1HShmuGkIqWRPgyxMFqP8HfjTnjXwY5bQfbJct6OIzKgMHotF/He1egsaxHSqG6wfdmQ5x8NyTFFqBcp2iSowHR3yk5+36hF7vXAAAAAElFTkSuQmCC", "authenticatorGetInfo": { "versions": ["U2F_V2", "FIDO_2_0"], "extensions": ["hmac-secret"], "aaguid": "6d44ba9bf6ec2e49b9300c8fe920cb73", "options": { "plat": false, "rk": true, "clientPin": true, "up": true }, "maxMsgSize": 1200, "pinUvAuthProtocols": [1] } }, "statusReports": [{ "status": "FIDO_CERTIFIED_L1", "effectiveDate": "2020-05-12", "certificationDescriptor": "Security Key by Yubico with NFC", "certificateNumber": "FIDO20020180918001", "certificationPolicyVersion": "1.1.0", "certificationRequirementsVersion": "1.2" }, { "status": "FIDO_CERTIFIED", "effectiveDate": "2020-05-12" }] } } ] }, "responseCode": "FIDO-MSG-0012", "skfsVersion": "4.13.0", "skfsFQDN": "example.strongkey.com", "TXID": "1-1-172-1679354369053" } </return> </ns2:getkeysinfoResponse> </S:Body> </S:Envelope>
Response Description
|
Value |
Explanation |
|
Response |
The enveloping JSON object that returns an array of keys (see below). |
keys Description
NOTE: The keys attribute returns an array and may have multiple FIDO credentials returned in the array—as shown above in this example.
|
Value |
Explanation |
|
keyid |
A string identifying a unique key identifier in the format that resembles the following string, but with different values: 1-1-234898734 2-1-15870 4-3-9562533 The digit preceding the first hyphen (“-”) represents the SKFS unique Server ID. The second digit between the two hyphens represents a cryptographic domain—a concept implemented in the StrongKey Tellaro appliance. In a software-only deployment of the SKFS, this will always be 1. The number following the last hyphen represents a unique key identifier within the specific SKFS server and cryptographic domain in which the credential was registered. As a result, within an SKFS cluster, a keyid with this “triple” will always be unique for every key. Applications being developed with this web service should plan to build in the logic to parse and retrieve the keyid and use it as a parameter for the deregister or other web services that pertain to operations on specific FIDO credentials. |
|
fidoProtocol |
This attribute indicates whether the key is using the legacy Universal 2nd Factor (U2F) or the current FIDO2 protocol.
|
|
credentialId |
The unique identifier of the FIDO credential. Also known as credentialId within the JavaScript API—Web Authentication (WebAuthn)—it returns a base64url encoding of the FIDO credential. |
|
aaguid |
The AAGUID of the authenticator used when this FIDO credential was registered. |
|
createLocation |
If available and enabled on the client device, this attribute provides the resolution of Global Positioning System (GPS) coordinates ascertained by applications, where the credential was created. |
|
createDate |
The date and time on which this credential was registered on SKFS. |
|
lastUsedLocation |
If available and enabled on the client device, this attribute provides the resolution of GPS coordinates ascertained by applications where the credential was last used by the user. |
|
lastUsedDate |
The date and time on which this credential was last used to authenticate within SKFS. |
|
modifyDate |
The date and time on which this credential record was modified within SKFS. |
|
status |
The current status of the credential—Active or Inactive. When a credential is marked Inactive in SKFS, it cannot be used to authenticate or sign business transactions. Business applications can use this attribute to suspend FIDO credentials temporarily for any reason, and reinstate them when the reason for suspension is no longer true. |
|
displayName |
A label assigned to the unique authenticator used when registering with SKFS. If this is the first registration (“genesis registration”) of the user with the application using SKFS, it is recommended the web application assign a fixed name to such genesis registrations such as, “Initial Registration,” or something equivalent. Since a well-designed FIDO application will allow the user to assign user-friendly names to additional authenticators they register with SKFS—such as “iPhone Key,” “HP laptop,” “Blue Security Key,” etc.—having the “Initial Registration” will allow the original registration to be distinguishable from all other authenticators.
|
|
attestationFormat |
This attribute provides information about the specific format used by the FIDO authenticator to send an attestation about the new FIDO credential it generated. This occurs only during the registration process.
|