Enable Cross Origin
Enable crossOrigin for any domain by using the crossOrigin Option. Learn more about this option here.
Below is the system option that allows the authenticator to authenticate to one of the allowed domains. Set one or more domains (comma separated) in the "allowedOrigins" options.
"crossOrigin" : { "enabled": true, "allowedOrigins": ["example.com", "login.com"]
}
When a user registers with a RP with an ID of "strongkey.com," an authenticator registered on "strongkey.com" can only authenticate on rpid with same domain as "strongkey.com". However, enabling crossOrigin and allowing "example.com" or "login.com" as allowed Origins allows user registered on "strongkey.com" to authenticate through "example.com" or "login.com" domain.
Follow the steps below to change the system Option in the domain's policy:
The following is a pretty printed example output for an updated policy after updating crossOrigin
{ "FidoPolicy": { "name": "MinimalPolicy", "copyright": "", "version": "1.0", "startDate": "1695683133", "endDate": "1760103870871", "system": { "did": 1, "requireCounter": "optional", "integritySignatures": false, "userVerification": ["required", "preferred", "discouraged"], "userPresenceTimeout": 0, "allowedAaguids": ["all"], "transport": ["usb", "internal"] }, "crossOrigin": { "enabled": false, "allowedOrigins": [] }, "algorithms": { "curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"], "rsa": ["RS256", "RS384", "RS512", "PS256", "PS384", "PS384"], "signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"] }, "attestation": { "conveyance": ["none", "indirect", "direct", "enterprise"], "formats": ["fido-u2f", "packed", "tpm", "android-key", "android-safetynet", "apple", "none"] }, "registration": { "displayName": "required", "attachment": ["platform", "cross-platform"], "discoverableCredential": ["required", "preferred", "discouraged"], "excludeCredentials": "enabled" }, "authentication": { "allowCredentials": "enabled" }, "authorization": { "maxdataLength": 256, "preserve": true }, "rp": { "id": "test.com", "name": "FIDOServer" }, "extensions": {}, "mds": { "authenticatorStatusReport": [{ "status": "FIDO_CERTIFIED_L1", "priority": "1", "decision": "IGNORE" }, { "status": "FIDO_CERTIFIED_L2", "priority": "1", "decision": "ACCEPT" }, { "status": "UPDATE_AVAILABLE", "priority": "5", "decision": "IGNORE" }, { "status": "REVOKED", "priority": "10", "decision": "DENY" }] }, "jwt": { "algorithms": ["ES256", "ES384", "ES521"], "duration": 30, "required": ["rpid", "iat", "exp", "cip", "uname", "agent"] }, "signcerts": { "rootca": { "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey", "serialnumber": "1679560516", "pemcert": "-----BEGIN CERTIFICATE-----MIICVTCCAbWgAwIBAgIEZBwPRDAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0NzM4WhcNMjQwOTI0MjI0NzM4WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAKdbVGToJkrCwOGEhg+JrnUM8Fv8l/g952VrWXhAaOtaIC4GMsKD0bv9gNot4nDSKH8L59i/dJiRHU4xuIvhkQAsBoSP2dipxg+bVvFtCt/dH1jOQYv+ev1KE2k8KZc4W3Ebgrvj5RZ02dIvKo8fCpEhBQKNhpR8tQmLRcAYZMcVQcAWjQjBAMB0GA1UdDgQWBBSjFsBomZYSzAs6i3XILwB6WMjz+zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBggqhkjOPQQDBAUAA4GLADCBhwJBdt0h+vm4nA0fCfHrNbmclKSojLC+c3qTwB6T3H4zuGPzQKfh37UIFLZUyeIaKNCZ/EK3ttkyAo6R3SA/RM8Qg5oCQgG5Z1imd84Oa8v5SvAfiuTuFC//fRyeTOo3Qr9uDTOizptU4voInHdsORSugU99R8oNqSISBSarXo78ZLDperHHMg==-----END CERTIFICATE-----", "jwtcerts": { "default": [{ "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey", "serialnumber": "136454779", "pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWegAwIBAgIECCIiezAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0NzUwWhcNMjQwOTI0MjI0NzUwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOU53tO6qIZeG9shvyKM89vDXDanSydzrzSbj4QNqcumNd7S05zIVODTM4u2K+FlKefLF0wC9quJZAVtfQr1EuOjQjBAMB0GA1UdDgQWBBRjO1ed7qSTgdWvnqSvjZgcsNYZVTAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GLADCBhwJBGNVbxTRagpZQwcjSMXuXl8GI+xzDW2DvQqzObt137rzExG2Bgl5Gqb+RPsBPnuMaeKHTSP3qjnwNUGti/usJinkCQgFmamAz25k+PNUMnUq4bsKDsFU4y5AbRWAUlZzL00YlK699Rv/+YnCbvpUlgrp7zslaIOMmKNV+sElkVDk/THwTAw==-----END CERTIFICATE-----" }, { "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey", "serialnumber": "189249632", "pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWegAwIBAgIEC0e4YDAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0ODEwWhcNMjQwOTI0MjI0ODEwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKc91+zd9yhkCxS1wN+XTKHefzVqhT4UUNgHUEZeRK47aHvFQR8DlaxsK1jFniXpvfbOEMXQdySKeCHsJIl7b2KjQjBAMB0GA1UdDgQWBBQZAEcp7y6gAq68k19RPtSLXu/ugzAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GLADCBhwJBCmSozCgL4pV2+QE2pfNgBQQrENNzejLnYolJK/W4ImK2RiyPut2GZtRIL/pfgSYws35NaUkeICFimw0q//zH6aoCQgGSt1Y8PMxlr/+Ac1xTx1yn3HzwcZIyuF2i1YS1JzlrP1QAPIFA8UHcL0eXn0mda2aeBBTUEtSNqb0cPNkpiipqAQ==-----END CERTIFICATE-----" }, { "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey", "serialnumber": "956062841", "pemcert": "-----BEGIN CERTIFICATE-----MIICCDCCAWegAwIBAgIEOPxceTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0ODMwWhcNMjQwOTI0MjI0ODMwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIk85sCOVJ489k2DT2VWlfgUIsc/+6pk2EnAN5qMZtEg/tsbrKPeNChsFseBIf7RNg3TXretVtwlSJy7RytRNQ+jQjBAMB0GA1UdDgQWBBTTo/AyN1miKjrvTdYowtFNyhmJCjAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GMADCBiAJCAf+vBftPogNV7sW7JTA62KaeM7VZBTYQlQaN5CHM7Lu9RQlGc9+YBytm+6dWjJfFGrWGx9Dy7v1fURqafw21FLnDAkIA6AyVH4xAesoMhoH7U4xRBvyRbvWfgObGa1cxk9k3EHfwfd2/6+zSQ9MI65B7bRWcbcsIHysIUhbtjC9ytZGIbKI=-----END CERTIFICATE-----" }] }, "samlcerts": { "default": [{ "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey", "serialnumber": "1752527694", "pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEaHVzTjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzI3WhcNMjQwOTI0MjI1NzI3WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOPu6Hi/0stlWMJa+m73Y9KAYo8fAiE53PgPpMjYM3a++Vf7nZ0sByk+W3Q/gRtTfjOnh+2cq2ukTLHKAG0UKZ2kD9PRzwZgfo1GoTKdRekVIIjwxOX6n52RJ9/mblkyPcOPnmjUy+aULaSTow2cI+cRukYEdzEuWDU81QEJ7m+xkZ6eKkrjJ1Y9sX4BzJttlswd43Avu/0QDGunSX37Z0NM21PZCjzgrVr5GAkBHP0Vz+bgGJ5zpcsdMQfhX4yAN6cmYOD/9JO4AQj36LaN+/JS2sU75ub8BHYFdVa1NsFbDPvvsxzrw3pweuZWXZifM+mCUy/O+JPswrnyG9PDLrAgMBAAGjUjBQMB0GA1UdDgQWBBSLVRg9XSNi4SqNZ3jREXhMsfsoEjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgExLV4kYrkQJiBN1Jf65BgyHh0qgQfqtma3rtKplKtjjTh5lfXlebrYJU1WyPK3bVotpb4s9cI4pZL1oBZ/XrE28wJCAaf4NGUcE+1nIfWmwAL7HXWzx/LRwufxpnHfkrztHIZPR/5c7N24PQk9njDTUFG7Lv30U8Hp42nD7uxt96zP8N+h-----END CERTIFICATE-----" }, { "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey", "serialnumber": "483266569", "pemcert": "-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIEHM4QCTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzQ2WhcNMjQwOTI0MjI1NzQ2WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeve+T/aw44+WaN0QSml21K9KP7b6Gpn1ZDV3Ne+oQi2jrqOniW3LFBN8emJwGlh+X77A0WwJTkgCGP/eSftpQNE1NqGM94HnPnP2uxIWyaLZjLpEKngwj0B1mR1X6ts7H//fbV2f4MNK/B/fBSgAAe8BbLOKUX7cHSSOsNomlaSmKRjA2i37OupBrmBIN9fq7oXoTxlmQq31Y+3PpSBSgYQxnM8XLMJBzL6m2NzruMWQvBC+Ub25r0MG7sgz0cp9AytoSU6aTzlzObaixuVl/n8C025VzA8hh4LMeLxkKHO38v8O4VThWWCL0e1WVxLV4E3DgO2/foV1JRiKt9hebAgMBAAGjUjBQMB0GA1UdDgQWBBQuUwdAgwAq9taI0LeJX9qi9M2EUjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBiwAwgYcCQgG8jeN1fweKUB2Rf8VK1u1BeXACRDHDjodnl1NmMKVPMJOEHqIF9GpkoSP9rC5B2NbrIyMjw4zLzxPoRJSgpeHMywJBekB/uwHGYuee7mVSCpA01DZ2Rjem770cNzYGUOvN9pbTtOya2BCe+ru2VY1R6ajRZSEhpMU+06/VUMqzJwJ2tAY=-----END CERTIFICATE-----" }, { "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey", "serialnumber": "1642726701", "pemcert": "-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIEYeoFLTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1ODA1WhcNMjQwOTI0MjI1ODA1WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ9+a2Q7S61gp5AfHNos9inTEf8wHoQaX15F7sNUjaypVYqTTnptNjwB52oshoBO8ef+wvfxqcKwodBUGd8ZWjKX6ZzEY4PdRmaQT3qqnyLBPfhyc85N/feUQIuQj5pX/+5LrZOi0y3hfwQl3elU8cMaBV7QHV0mV4Jn2TEN1QSSRe21sUd0tl6KAyio6yBFN8BqSWQXqyqHVVjnMjS43bii+twcjnfOgR9on41qIt3DTsGDFxMOt2d2+STJwpzk8lAvK1eNuId2egP6bW/PXQas+QjXL7HtV9VfuYo3/kipebHmf2rVjwrP4R8vx82iEaYBE/we06txvyAOev1giVAgMBAAGjUjBQMB0GA1UdDgQWBBT5a1O5hrneWkvl34FuhkZOLMg0WTAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBiwAwgYcCQgFKzP/yQMVznrju0BxFITKCJF79TRZVPPdaeVraMF9SFEXom2cy6x6W13MSxshnPGm2ZJVrKxiVWcygu7t7ZfcnGAJBN0eMmXA53aT8+N71JrEXwU2gbbh17/X6yht18zR8gvGpjZU6AK8XsILvI1WzUG1dUPofMTd8rMlB/JK+ZksC9wM=-----END CERTIFICATE-----" }], "citrixidp": { "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey", "serialnumber": "1752527694", "pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEaHVzTjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzI3WhcNMjQwOTI0MjI1NzI3WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOPu6Hi/0stlWMJa+m73Y9KAYo8fAiE53PgPpMjYM3a++Vf7nZ0sByk+W3Q/gRtTfjOnh+2cq2ukTLHKAG0UKZ2kD9PRzwZgfo1GoTKdRekVIIjwxOX6n52RJ9/mblkyPcOPnmjUy+aULaSTow2cI+cRukYEdzEuWDU81QEJ7m+xkZ6eKkrjJ1Y9sX4BzJttlswd43Avu/0QDGunSX37Z0NM21PZCjzgrVr5GAkBHP0Vz+bgGJ5zpcsdMQfhX4yAN6cmYOD/9JO4AQj36LaN+/JS2sU75ub8BHYFdVa1NsFbDPvvsxzrw3pweuZWXZifM+mCUy/O+JPswrnyG9PDLrAgMBAAGjUjBQMB0GA1UdDgQWBBSLVRg9XSNi4SqNZ3jREXhMsfsoEjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgExLV4kYrkQJiBN1Jf65BgyHh0qgQfqtma3rtKplKtjjTh5lfXlebrYJU1WyPK3bVotpb4s9cI4pZL1oBZ/XrE28wJCAaf4NGUcE+1nIfWmwAL7HXWzx/LRwufxpnHfkrztHIZPR/5c7N24PQk9njDTUFG7Lv30U8Hp42nD7uxt96zP8N+h-----END CERTIFICATE-----" } } } } }