Response

A successful FIDO2_0 response (accompanied by a 200 OK) will look similar to the following:

<?xml version='1.0' encoding='UTF-8'?>
  <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
      <ns2:preauthenticateResponse xmlns:ns2="http://soap.skfs.strongauth.com/">
        <return>
        {
          "Response": {
            "challenge": "k1YeYZZ6HDmg3ruKinb2SQ",
            "rpId": "strongkey.com",
            "allowCredentials": [{
              "type": "public-key",
              "id": "WBQ0-B9MOEC2LwUn4Vi2K5uA_iDhg3oj7ZJiWG9A5ViFQO6yW1xtf9RGPX-f-Zx3BuS0xavJRey8mJuazZDOAGTnWc3JGH7UGTQzrcwhgizmDJ4t1MrLLjAYQrp64ML_LS9bpWe6_iaAhNHJTDhbeJcgB-Dfigu22xRfSdWbDNacloqveMoSUXuXO8ogJA0AWSq9nxL9MjI7YYV7Z3KOtg36JBe8crPuleQ5Ru_0L30",
              "alg": -7
            },
            {
              "type": "public-key",
              "id": "CDuwefbNapAlvyLDnDqe2N8bj7TzapfvxfmUAXDz30LS-JU2kNxxht0LUJFLcFxp7i6r7zBwVwzEaDVprZKzMQ5MQgacjyQZPof_T2Uoeefg8efbTM4aEXYfzeVSEUUAMz7DonqrHvGBaQKVs_NWElrsj-uwZsO8sIsrR1rs_LQwQBokFLbZ6WGNac6v1fDn9x8XfLjHx7bkMQVzCTbwsFW4TZBMMga-qshiEtObLkc",
              "alg": -7
            }]
          },
          "responseCode":"FIDO-MSG-0006",
          "skfsVersion":"4.12.0",
          "skfsFQDN":"example.strongkey.com",
          "TXID":"1-169-1679354369053"
        }
        </return>
      </ns2:preauthenticateResponse>
    </S:Body>
  </S:Envelope>

Response Description

Value	Explanation
challenge	This attribute contains the name assigned by the web application to the name of the Relying Party (RP)—the company or application with whom the user is interacting.
rpid	This attribute contains the RFC-6525 origin that represents the RP’s Domain Name Service (DNS) domain. Only credentials registered to this rpid will qualify for providing an authentication assertion—the digital signature of the challenge, thus providing proof of authentication.

allowCredentials Description

Value	Explanation
type	This attribute indicates the type of credential from which the RP requires an assertion—the value is always public-key for FIDO/WebAuthn.
id	This attribute contains the unique identifier—credentialId—assigned by FIDO Authenticator to the user’s registered credential.
alg	This attribute contains a numerical value, which describes the public key algorithm from the set of COSE Algorithms SKFS will accept for generated keys. In the example shown, the algorithm number corresponds to the following: -7: ES256 or ECDSA with SHA-256 message digests

Value

Explanation

type

This attribute indicates the type of credential from which the RP requires an assertion—the value is always public-key for FIDO/WebAuthn.

This attribute contains the unique identifier—credentialId—assigned by FIDO Authenticator to the user’s registered credential.

alg

This attribute contains a numerical value, which describes the public key algorithm from the set of COSE Algorithms SKFS will accept for generated keys. In the example shown, the algorithm number corresponds to the following:

-7: ES256 or ECDSA with SHA-256 message digests