Enabling Related Origin Requests (ROR) for a specific domain
Note: This feature is only available SKFS v4.15.0 onwards
-
Switch to (or login as) the strongkey user
shell> su - strongkey -
Use the skfsadminclient update configuration or updateconfiguration web service to update the following domain specific properties:
skfs.cfg.property.fido2.rp.relatedorigins.enabled skfs.cfg.property.fido2.rp.relatedorigins.origins Example: shell> java -jar skfsadminclient.jar UC https://fido.example.com:8181 1 rest password fidoadminuser Abcd1234! skfs.cfg.property.fido2.rp.relatedorigins.enabled true shell> java -jar skfsadminclient.jar UC https://fido.example.com:8181 1 rest password fidoadminuser Abcd1234! skfs.cfg.property.fido2.rp.relatedorigins.origins https://fido.example.com,https://fido.example.co.uk -
Restart the Payara using the following command:
shell> sudo systemctl restart payaraNote: If SKFS has been deployed in a clustered environment, only restart payara on all the other nodes in the cluster as replication module will copy over to configurations to all the nodes in the cluster.
Disabling ROR for specific domain
-
Switch to (or login as) the strongkey user
shell> su - strongkey -
Use the skfsadminclient delete configuration or deleteconfiguration web service to update the following domain specific properties:
skfs.cfg.property.fido2.rp.relatedorigins.enabled skfs.cfg.property.fido2.rp.relatedorigins.origins Example: shell> java -jar skfsadminclient.jar DC https://fido.example.com:8181 1 REST PASSWORD svcfidouser Abcd1234! skfs.cfg.property.fido2.rp.relatedorigins.enabled shell> java -jar skfsadminclient.jar DC https://fido.example.com:8181 1 REST PASSWORD svcfidouser Abcd1234! skfs.cfg.property.fido2.rp.relatedorigins.origins -
Restart the Payara
shell> sudo systemctl restart payaraNote: If SKFS has been deployed in a clustered environment, only restart payara on all the other nodes in the cluster as replication module will copy over to configurations to all the nodes in the cluster.