Product Documentation

NOTE: Learn more about the Policy Module here.

When a domain is created, a minimal policy is automatically generated for that domain. Typically, administrators only need to update this existing policy. However, if necessary, a new policy can be created using the command-line administration tool, as shown below:

 

The command to create a policy is listed below:

java -jar skfsadminclient.jar CP <hostport> <did> <wsprotocol> <authtype> <svcusername> <svcpassword> <sid> <pid> <notes> <policy>

 

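 NOTE: The policy JSON can be minified so that it is easy to pass as a single argument in the terminal. Enclose it in single quotes, as in the example below, so that the shell passes it to the tool unchanged. Because the service password is also supplied as a command-line argument, it can be recorded in the shell history and is visible in the process list while the command runs, so run the tool from a restricted administrative session.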

$ example:~/skfsclient> java -jar skfsadminclient.jar CP https://example.strongkey.com:8181 1 REST PASSWORD fidoadminuser Abcd1234! "" '{ "FidoPolicy": { "name": "MinimalPolicy", "copyright": "", "version": "1.0", "startDate": "1695665588", "endDate": "1760103870871", "system": { "did": 1, "requireCounter": "optional", "integritySignatures": false, "userVerification": [ "required", "preferred", "discouraged" ], "userPresenceTimeout": 0, "allowedAaguids": [ "all" ], "transport": [ "usb", "internal" ] }, "crossOrigin": { "enabled": false, "allowedOrigins": [ ] }, "algorithms": { "curves": [ "secp256r1", "secp384r1", "secp521r1", "curve25519" ], "rsa": [ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512" ], "signatures": [ "ES256", "ES384", "ES512", "EdDSA", "ES256K" ] }, "attestation": { "conveyance": [ "none", "indirect", "direct", "enterprise" ], "formats": [ "fido-u2f", "packed", "tpm", "android-key", "android-safetynet", "apple", "none" ] }, "registration": { "displayName": "required", "attachment": [ "platform", "cross-platform" ], "discoverableCredential": [ "required", "preferred", "discouraged" ], "excludeCredentials": "enabled" }, "authentication": { "allowCredentials": "enabled" }, "authorization": { "maxdataLength": 256, "preserve": true }, "rp": { "id": "strongkey.com", "name": "FIDOServer" }, "extensions": { }, "mds": { "authenticatorStatusReport": [ { "status": "FIDO_CERTIFIED_L1", "priority": "1", "decision": "IGNORE" }, { "status": "FIDO_CERTIFIED_L2", "priority": "1", "decision": "ACCEPT" }, { "status": "UPDATE_AVAILABLE", "priority": "5", "decision": "IGNORE" }, { "status": "REVOKED", "priority": "10", "decision": "DENY" } ] }, "jwt": { "algorithms": [ "ES256", "ES384", "ES521" ], "duration": 30, "required": [ "rpid", "iat", "exp", "cip", "uname", "agent" ] }, "signcerts": { "rootca": { "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey", "serialnumber": "1445945143", "pemcert": "-----BEGIN 
CERTIFICATE-----MIICVjCCAbWgAwIBAgIEVi9fNzAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MTc1NTIxWhcNMjQwOTI0MTc1NTIxWjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAnBg+GpFh8pSx6S88VFFDpjqAVbi5+gNagvzfmxm7v6uo1IEb1/sU4w6Fxw/h3XzHYSTdIKIMh8N9Zekk+0gplQ8BX2jphqcrfdlP/eT+tJKljaQKuH1Qr0XqgCa06EYj2rzmeqxbIpFmcCYODq2yl2eavORPrMCUUJBhim/HJN78dEijQjBAMB0GA1UdDgQWBBQk9v310MYf7oy/uSQZ8iaZmsyAhTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBggqhkjOPQQDBAUAA4GMADCBiAJCAIgR7dwY6bbOXZU1hxaKnnvkdsJQ/A8bsvTCxz6tHROJiFg8Yxc/bNcrvRSu8eNj/i4XSTsPJG9zlByRrF2jQywfAkIBclySrnuN2hYUlyBa8l79KWDgO0Q8AcsZsngIgOz4mfLP1rWnXpwDAQrIjDeHFb1jxKjiHhIAkq3ETwzI9KF2MMQ=-----END CERTIFICATE-----", "jwtcerts": { "default": [ { "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey", "serialnumber": "374680927", "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" }, { "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey", "serialnumber": "1110263917", "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" }, { "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey", "serialnumber": "1228535437", "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" }] }, "samlcerts": { "default": [ { "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey", "serialnumber": "1194838982", "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" }, { "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey", "serialnumber": "1412791270", "pemcert": "-----BEGIN 
CERTIFICATE-----MIIC4zCCAkOgAwIBAgIEVDV75jAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MTgwNTI2WhcNMjQwOTI0MTgwNTI2WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCK5e4X24xACnlEQT1cd6+cvyll8dPIdEyxeFP9VEXvwO+1yZnqODWDtxXcVg1Wo1UMTcUoSIU2ByCySj6a3feADsPYetA1dmC/i+Lc5B9fkR9cgZWS6MZk/mhuSBbUlhwadjS5NuhMnw+5cUyRX3nf7GkFlMyHiHJAD3Hh1FuiKpfR3JQ8t5vq0GIDDaqjrvaXEnJu/ojnd+0XWwWriXDOWJV5wsae9ul5uzdGst8EcIbWYE0Sp82xYJM9GnREj7Bi1YffibfcvU5PyHuTDJbZ8mUhm91RuljxWXi1AFyJgnMHPqGQJ7ErRjb4e5FRtyPY/XR30PvGXJ6uEiQjItLJAgMBAAGjUjBQMB0GA1UdDgQWBBSzGGeXMgZZTn5pxd/VqNJDMtK80zAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUJPb99dDGH+6Mv7kkGfImmZrMgIUwDAYIKoZIzj0EAwQFAAOBiwAwgYcCQgHBbUuqZ3aDOrEj90ZzXyIk9cXN4Td7eblICsn9a0d4AIVIWllIqNwvV84ik04PH/F35gb//TZ6NVvWajViFwwDEgJBIE+N0xkac7NZ3St4H2AE1kePMOWgadX+GIP5tIgcLoPoifvYo7/f4jqZZyHMTzP8cgdli4W1lWjx+149tCq/jEo=-----END CERTIFICATE-----" }, { "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey", "serialnumber": "1682332098", "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" }], "citrixidp": { "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey", "serialnumber": "1194838982", "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" } } } } } }' Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved. REST Create Policy with PASSWORD ******************************* Calling create policy @ https://example.strongkey.com:8181/skfs/rest/addpolicy Response : {"Response":"1-9","responseCode":"FIDO-MSG-0063","skfsVersion":"4.14.0","skfsFQDN":"example.strongkey.com","TXID":"1-1-169-1717786229844"} Create Policy complete. ****************************************** Done with Create Policy!