Product Documentation

Add Private MDS Files

Some Security Key manufacturers do not publish their Metadata Statements to the FIDO Alliance Metadata Service (MDS) and instead publish them privately through MDS files.

With SKFS 4.12 RFE-34, private MDS files can be loaded into the FIDO Server, provided that they follow the same format as the MDS files provided by the FIDO Alliance.

New configuration properties have been added to enable this feature, and some existing properties have been modified to make all the properties consistent.

See the MDS Properties guide for a detailed description of the properties.

Follow the steps below to change the properties:

  • Switch to (or login as) the "strongkey" user
    shell> su - strongkey
  • Edit the SKFS properties file
    shell> vi /usr/local/strongkey/skfs/etc/skfs-configuration.properties
  • Set the number of private MDS files to be added:
    skfs.cfg.property.mds.private.count=<number>
    
    Example:
    skfs.cfg.property.mds.private.count=2
    
  • Set a unique name for each private MDS file. The <count> index increases with each additional private MDS file. The remaining properties in the template determine how the private MDS file is loaded and where it is located. Ensure that the <name> used in the loadmethod properties matches the value of the corresponding source property:
    skfs.cfg.property.mds.private.source.<count>=<name>
    skfs.cfg.property.mds.private.<name>.loadmethod=<url|local>
    skfs.cfg.property.mds.private.<name>.loadmethod.url=
    skfs.cfg.property.mds.private.<name>.loadmethod.local=
    
    Example:
    skfs.cfg.property.mds.private.source.1=skmanufacturer01
    skfs.cfg.property.mds.private.skmanufacturer01.loadmethod=local
    skfs.cfg.property.mds.private.skmanufacturer01.loadmethod.url=
    skfs.cfg.property.mds.private.skmanufacturer01.loadmethod.local=/usr/local/strongkey/skfs/mds/private/skmanufacturer01.txt
    
    skfs.cfg.property.mds.private.source.2=skmanufacturer02
    skfs.cfg.property.mds.private.skmanufacturer02.loadmethod=local
    skfs.cfg.property.mds.private.skmanufacturer02.loadmethod.url=
    skfs.cfg.property.mds.private.skmanufacturer02.loadmethod.local=/usr/local/strongkey/skfs/mds/private/skmanufacturer02.txt
    
  • Private MDS files must be digitally signed, and SKFS needs the signing certificate to verify the signature before a file can be accepted. Set the following properties to define the location and password of the truststore. When adding the certificate to the truststore, the certificate alias must match the <name> identified for that private MDS file:
    skfs.cfg.property.mds.private.truststore.location=
    skfs.cfg.property.mds.private.truststore.password=
    
  • Restart the Payara server
    shell> sudo systemctl restart payara
    
    # For SKFS version 4.12 and below, use the following command instead:
    shell> sudo service glassfishd restart
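
Before restarting, the edited properties can be checked for consistency. The script below is an added example, not part of the StrongKey documentation or SKFS itself: it confirms that the count matches the defined sources, that each <name> has a valid loadmethod with a non-empty target, and that the truststore properties are set. The function names, the MDS_TS_PASS environment variable and the assumption that the truststore is in a format keytool can read are all hypothetical.

```shell
#!/bin/sh
# Added example: consistency check for the private MDS properties (not StrongKey code).
P=skfs.cfg.property.mds.private

# prop FILE KEY: print the value assigned to KEY (last assignment wins, trimmed).
prop() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v }' "$1"
}

# check_private_mds FILE: return 0 if the settings agree, 1 otherwise (details on stderr).
check_private_mds() {
    file=$1; rc=0
    count=$(prop "$file" "$P.count")
    case $count in
        ''|*[!0-9]*) echo "$P.count is missing or not a number" >&2; return 1 ;;
    esac
    i=1
    while [ "$i" -le "$count" ]; do
        name=$(prop "$file" "$P.source.$i")
        if [ -z "$name" ]; then
            echo "$P.source.$i is not set but count=$count" >&2; rc=1
        else
            method=$(prop "$file" "$P.$name.loadmethod")
            case $method in
                url|local)
                    [ -n "$(prop "$file" "$P.$name.loadmethod.$method")" ] ||
                        { echo "$name: loadmethod.$method is empty" >&2; rc=1; } ;;
                *) echo "$name: loadmethod must be url or local" >&2; rc=1 ;;
            esac
        fi
        i=$((i + 1))
    done
    next=$((count + 1))
    [ -z "$(prop "$file" "$P.source.$next")" ] ||
        { echo "$P.source.$next is set but count=$count" >&2; rc=1; }
    for k in location password; do
        [ -n "$(prop "$file" "$P.truststore.$k")" ] ||
            { echo "$P.truststore.$k is empty" >&2; rc=1; }
    done
    return $rc
}

# has_alias TRUSTSTORE NAME: succeed if a certificate is stored under alias NAME.
# Assumes a keystore type keytool can read; the password comes from $MDS_TS_PASS.
has_alias() {
    keytool -list -keystore "$1" -storepass:env MDS_TS_PASS -alias "$2" >/dev/null 2>&1
}
```

Run check_private_mds against skfs-configuration.properties, then has_alias once per <name> with the truststore path from the properties file.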