Product Documentation

An installation script is used to create a new domain on SKFS. The script generates the signing, JWT and SAML keystores for the new domain. Taking a backup of all existing keystores beforehand is recommended in case a restore to the original keystores is required.

 

Prerequisites 

  • StrongKey FIDO Server (SKFS)
  • OpenJDK 11
  • add-domain-v4.x.zip 

 

Create a New Domain

Follow the steps below to create a new domain for SKFS. If unsure of the next domain id (did), refer to the section "How to find the next domain" below.

  1. Log in as the "strongkey" user and open a terminal.

  2. Unzip the add-domain-v4.x.zip file to the current directory:

    shell> unzip add-domain-v4.x.zip -d .

  3. Edit the add-domain.sh installation script with a text editor of your choice:

    shell> vi add-domain.sh

    The installation script contains configurable values; change the passwords if you do not intend to use the default ones.

  4. The script takes the following arguments:

    shell> add-domain.sh <did> <backup:true/false>

    If backup is set to true, the script creates a backup of all keystores, the database and the OpenLDAP directory under /usr/local/strongkey/skfsbackups.

  5. Execute the add-domain.sh script as follows:

    shell> ./add-domain.sh 9 true

    The script creates the new domain and generates signing keys, JWT signing keys and SAML signing keys for it. It also generates default users in the OpenLDAP directory and creates a minimal policy for the domain. Follow the link if this policy needs to be updated.

  6. You can now use the new domain to perform FIDO operations.

NOTE: If you need to restore or roll back to the previous state for any reason, follow the steps here to recover the database and keystores.

 

How to find the next domain

Follow the steps below to find the next did:

  • In a terminal logged in as the "strongkey" user, type the following command:

    shell> mysql -u skfsdbuser -p skfs

    Or use the alias mys:

    shell> mys

  • List all domains from the MariaDB prompt:

    MariaDB [skfs]> select did, name from domains order by did;

  • Sample output:
    MariaDB [skfs]> select did, name from domains order by did;
    +-----+--------+
    | did | name   |
    +-----+--------+
    |   1 | SKFS 1 |
    |   2 | SKFS 2 |
    |   3 | SKFS 3 |
    |   4 | SKFS 4 |
    |   5 | SKFS 5 |
    |   6 | SKFS 6 |
    |   7 | SKFS 7 |
    |   8 | SKFS 8 |
    +-----+--------+
    8 rows in set (0.001 sec)

As you can see in the example above, the server already has 8 domains, so the next domain id would be 9.
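The two procedures above (finding the next did, then running add-domain.sh with a backup) can be chained in a small wrapper. This is an added example, not part of the SKFS add-domain package: it assumes the skfsdbuser credentials and the domains table shown above, the database password in an environment variable SKFS_DB_PASS (a name chosen here), and add-domain.sh unzipped into the current directory. It derives the next did from the highest existing did rather than the row count, so it also behaves correctly when earlier domains have been removed.

```shell
#!/bin/sh
# Added example, not part of the SKFS add-domain package: compute the next
# did from the domains table and run add-domain.sh with backups enabled.
# Assumes the mysql credentials from this page (skfsdbuser / skfs database),
# the database password in $SKFS_DB_PASS (assumed name) and add-domain.sh
# in the current directory.
set -eu

# Parse "did" values out of a listing of the domains table and print the next
# free id. Accepts either the boxed interactive output of
#   select did, name from domains order by did;
# or the tab-separated output of mysql --batch --skip-column-names.
# An empty listing yields 1.
next_did() {
    awk '
        # data rows: "|   8 | SKFS 8 |" (boxed) or "8<TAB>SKFS 8" (batch);
        # the "8 rows in set" footer does not match because its "8" is
        # followed by a space and a letter, not a pipe or a tab
        /^[|]? *[0-9]+ *[|\t]/ {
            sub(/^[|] */, "")          # drop the leading box border
            if ($1 + 0 > max) max = $1 + 0
        }
        END { print max + 1 }
    '
}

# Check the two arguments add-domain.sh expects: <did> <backup:true/false>.
validate_args() {
    did=$1; backup=$2
    case $did in
        ''|*[!0-9]*|0*) return 1 ;;    # positive integer, no leading zero
    esac
    case $backup in
        true|false) return 0 ;;
        *) return 1 ;;
    esac
}

# Query the live database, pick the next did and run the installer with a
# backup of keystores, database and OpenLDAP directory (step 4 above).
add_next_domain() {
    did=$(mysql --batch --skip-column-names -u skfsdbuser -p"$SKFS_DB_PASS" skfs \
            -e 'select did, name from domains order by did;' | next_did)
    validate_args "$did" true || { echo "bad did: $did" >&2; return 1; }
    echo "creating domain $did with backup enabled"
    ./add-domain.sh "$did" true
}

# Only touch the live system when invoked as: ./add-next-domain.sh --run
if [ "${1:-}" = "--run" ]; then
    add_next_domain
fi
```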