SKFS offers a range of properties that can be customized to control how it downloads and handles FIDO authenticator metadata statements. See the MDS Properties guide for a detailed description of each property.
skfs.cfg.property.mds.enabled
skfs.cfg.property.mds.fidoalliance.loadmethod.url
skfs.cfg.property.mds.fidoalliance.loadmethod.local
skfs.cfg.property.mds.fidoalliance.rootca.loadmethod.url
skfs.cfg.property.mds.fidoalliance.rootca.loadmethod.local
skfs.cfg.property.return.MDS
skfs.cfg.property.return.MDS.webservices
Follow the steps below to change any of the above properties:
Switch to (or log in as) the strongkey user
shell> su - strongkey
Edit the SKFS properties file
shell> vi /usr/local/strongkey/skfs/etc/skfs-configuration.properties
Set or update any of the above properties to the desired value.
Restart the Payara server
shell> sudo systemctl restart payara
For SKFS version 4.12 and below, use the following command instead:
shell> sudo service glassfishd restart
ADDITIONAL INFORMATION
If the SKFS appliance is operating without an internet connection, download the MDS file as well as the root CA certificate that signed the MDS, and copy both to each SKFS appliance under the /usr/local/strongkey/skfs/mds directory. Then configure the following MDS properties in the SKFS properties file:
skfs.cfg.property.mds.fidoalliance.loadmethod.local=/usr/local/strongkey/skfs/mds/blob.jwt
skfs.cfg.property.mds.fidoalliance.rootca.loadmethod.local=/usr/local/strongkey/skfs/mds/root-r3.crt
The blob.jwt file can be downloaded from here and root-r3.crt file can be downloaded from here.
Note: The MDS file is usually updated monthly. If you decide to configure this property, arrange to update the local file every time it is updated on the website.
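
One way to tell when an offline appliance's local blob.jwt needs replacing is to read the `nextUpdate` date from its payload. The script below is an added example, not part of SKFS or StrongKey's tooling; it assumes the file is a FIDO MDS3 BLOB (a compact JWT whose payload carries `no` and `nextUpdate`), and the function names and the sample blob are constructed for illustration.

```python
import base64
import json
from datetime import date


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def mds_blob_status(jwt_text: str, today: date) -> dict:
    """Read 'no' and 'nextUpdate' from an MDS3 BLOB payload.

    Inspects the payload only. It does NOT verify the signature; the
    certificate chain is still checked against the configured root CA.
    """
    parts = jwt_text.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated segments")
    payload = json.loads(_b64url_decode(parts[1]))
    next_update = date.fromisoformat(payload["nextUpdate"])
    days_left = (next_update - today).days
    # On or after nextUpdate a newer blob should have been published.
    return {"no": payload["no"], "next_update": next_update,
            "days_left": days_left, "refresh_due": days_left <= 0}


def _make_sample(payload: dict) -> str:
    # Constructed sample with a placeholder signature, not a real FIDO blob.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"ES256","typ":"JWT"}'),
                     enc(json.dumps(payload).encode()),
                     enc(b"placeholder-signature")])


SAMPLE_BLOB = _make_sample({"legalHeader": "constructed", "no": 42,
                            "nextUpdate": "2024-06-01", "entries": []})

if __name__ == "__main__":
    import sys
    # Pass the path from skfs.cfg.property.mds.fidoalliance.loadmethod.local,
    # or run with no argument to use the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BLOB
    print(mds_blob_status(text, date.today()))
```

Run it from a scheduled job against /usr/local/strongkey/skfs/mds/blob.jwt and alert when `refresh_due` is true or `days_left` is small.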