Product Documentation

The following request body is sent during the updatekeyinfo call:

  • URL: https://<FQDN>:<PORT>/skfs/rest/updatekeyinfo

  • HTTP Method: POST

  • FIDO2_0 request body:
    <?xml version="1.0" ?>
    <S:Envelope
        xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
        <S:Body>
            <ns2:updatekeyinfo
                xmlns:ns2="http://soap.skfs.strongauth.com/">
                <svcinfo>
                {
                    "svcinfo": {
                        "did": 1,
                        "protocol": "FIDO2_0",
                        "authtype": "PASSWORD",
                        "svcusername": "svcfidouser",
                        "svcpassword": "Abcd1234!"
                    },
                    "payload": {
                        "keyid":"1-1-2",,
                        "displayname":"newJohnDoe",
                        "status":"Active",
                        "modify_location":"Cupertino"
                    }
                }
                </payload>
            </ns2:updatekeyinfo>
        </S:Body>
    </S:Envelope>

 

svcinfo Description

Value

Explanation

did

Unique identifier for a cryptographic domain in SKFS. Unless you are using a StrongKey Tellaro appliance, this defaults to 1.

protocol

The FIDO protocol to be used in this request (FIDO2_0).

authtype

The type of authentication supplied in this service request—it must be PASSWORD or HMAC (see API Security for details); the example shown here is for PASSWORD type of authentication.

svcusername

The username of the service credential requesting this web service.

svcpassword

The password of the service credential requesting this web service.

     When PASSWORD authtype is used, SKFS uses entries in a previously configured Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) to authenticate the credential (see Manage Credentials under [ SKFS ⇒ Administration ⇒ Security ] for details).

 

payload Description

Value

Explanation

keyid

A string identifying the unique FIDO credential within the SKFS. However, the current format is DEPRECATED.

NOTE: In the current release, this attribute includes a string username within the key identifier. It will be replaced by a new format that will have a format resembling the following:

1-1-234898734

2-1-15870

4-3-9562533

The digit preceding the first hyphen (“-”) represents the unique SKFS Server ID.

     The second digit between the two hyphens represents a cryptographic domain—a concept implemented in the StrongKey Tellaro appliance. In a software only deployment of SKFS, this will always be a 1.

     The number following the last hyphen represents a unique key identifier within the specific SKFS server and cryptographic domain in which the credential was registered.

     As a result, within an SKFS cluster, a keyid with this “triple” will always be unique for every key.

     Applications being developed with this web service should NOT rely on the username embedded in this string.

displayName

The displayName is a plain language name used to identify the Authenticator to the user. This name will be displayed in case the user wishes to manage multiple Authenticators associated with their account.

status

Active/Inactive. Status to set the FIDO credential or policy to.

modify_location

If available and enabled on the client device, this attribute provides the resolution of Global Positioning System (GPS) coordinates ascertained by applications.