Product Documentation

    Enable Cross Origin

    Enable crossOrigin for any domain by using the crossOrigin Option. Learn more about this option here.

     

    Below is the system option that allows the authenticator to authenticate to one of the allowed domains. Set one or more domains (comma separated) in the "allowedOrigins" options.

    "crossOrigin" : {
         "enabled": true,
         "allowedOrigins": ["example.com", "login.com"]
    }

    When a user registers with a RP with an ID of "strongkey.com," an authenticator registered on "strongkey.com" can only authenticate on rpid with same domain as "strongkey.com". However, enabling crossOrigin and allowing "example.com" or "login.com" as allowed Origins allows user registered on "strongkey.com" to authenticate through "example.com" or "login.com" domain.

     

    Follow the steps below to change the system Option in the domain's policy:

    • Use the link below to find the current policy of the domain that needs to have crossOrigin enabled.

      How to get a Policy

       

    • Update any system property in the policy by using the link below after finding the specific domain's policy.

      How to update a Policy

     

    The following is a pretty printed example output for an updated policy after updating crossOrigin

    {
"FidoPolicy": {
"name": "MinimalPolicy",
"copyright": "",
"version": "1.0",
"startDate": "1695683133",
"endDate": "1760103870871",
"system": {
	"did": 1,
	"requireCounter": "optional",
	"integritySignatures": false,
	"userVerification": ["required", "preferred", "discouraged"],
	"userPresenceTimeout": 0,
	"allowedAaguids": ["all"],
	"transport": ["usb", "internal"]
},
"crossOrigin": {
	"enabled": false,
	"allowedOrigins": []
},
"algorithms": {
	"curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
	"rsa": ["RS256", "RS384", "RS512", "PS256", "PS384", "PS384"],
	"signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
},
"attestation": {
	"conveyance": ["none", "indirect", "direct", "enterprise"],
	"formats": ["fido-u2f", "packed", "tpm", "android-key", "android-safetynet", "apple", "none"]
},
"registration": {
	"displayName": "required",
	"attachment": ["platform", "cross-platform"],
	"discoverableCredential": ["required", "preferred", "discouraged"],
	"excludeCredentials": "enabled"
},
"authentication": {
	"allowCredentials": "enabled"
},
"authorization": {
	"maxdataLength": 256,
	"preserve": true
},
"rp": {
	"id": "test.com",
	"name": "FIDOServer"
},
"extensions": {},
"mds": {
             "authenticatorStatusReport": [{
		"status": "FIDO_CERTIFIED_L1",
		"priority": "1",
		"decision": "IGNORE"
		}, {
		"status": "FIDO_CERTIFIED_L2",
		"priority": "1",
		"decision": "ACCEPT"
		}, {
		"status": "UPDATE_AVAILABLE",
		"priority": "5",
		"decision": "IGNORE"
		}, {
		"status": "REVOKED",
		"priority": "10",
		"decision": "DENY"
		}]
},
"jwt": {
	"algorithms": ["ES256", "ES384", "ES521"],
	"duration": 30,
	"required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
},
"signcerts": {
	"rootca": {
		"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey",
		"serialnumber": "1679560516",
		"pemcert": "-----BEGIN CERTIFICATE-----MIICVTCCAbWgAwIBAgIEZBwPRDAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0NzM4WhcNMjQwOTI0MjI0NzM4WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAKdbVGToJkrCwOGEhg+JrnUM8Fv8l/g952VrWXhAaOtaIC4GMsKD0bv9gNot4nDSKH8L59i/dJiRHU4xuIvhkQAsBoSP2dipxg+bVvFtCt/dH1jOQYv+ev1KE2k8KZc4W3Ebgrvj5RZ02dIvKo8fCpEhBQKNhpR8tQmLRcAYZMcVQcAWjQjBAMB0GA1UdDgQWBBSjFsBomZYSzAs6i3XILwB6WMjz+zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBggqhkjOPQQDBAUAA4GLADCBhwJBdt0h+vm4nA0fCfHrNbmclKSojLC+c3qTwB6T3H4zuGPzQKfh37UIFLZUyeIaKNCZ/EK3ttkyAo6R3SA/RM8Qg5oCQgG5Z1imd84Oa8v5SvAfiuTuFC//fRyeTOo3Qr9uDTOizptU4voInHdsORSugU99R8oNqSISBSarXo78ZLDperHHMg==-----END CERTIFICATE-----",
		"jwtcerts": {
			"default": [{
				"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey",
				"serialnumber": "136454779",
				"pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWegAwIBAgIECCIiezAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0NzUwWhcNMjQwOTI0MjI0NzUwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOU53tO6qIZeG9shvyKM89vDXDanSydzrzSbj4QNqcumNd7S05zIVODTM4u2K+FlKefLF0wC9quJZAVtfQr1EuOjQjBAMB0GA1UdDgQWBBRjO1ed7qSTgdWvnqSvjZgcsNYZVTAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GLADCBhwJBGNVbxTRagpZQwcjSMXuXl8GI+xzDW2DvQqzObt137rzExG2Bgl5Gqb+RPsBPnuMaeKHTSP3qjnwNUGti/usJinkCQgFmamAz25k+PNUMnUq4bsKDsFU4y5AbRWAUlZzL00YlK699Rv/+YnCbvpUlgrp7zslaIOMmKNV+sElkVDk/THwTAw==-----END CERTIFICATE-----"
				}, {
				"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey",
				"serialnumber": "189249632",
				"pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWegAwIBAgIEC0e4YDAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0ODEwWhcNMjQwOTI0MjI0ODEwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKc91+zd9yhkCxS1wN+XTKHefzVqhT4UUNgHUEZeRK47aHvFQR8DlaxsK1jFniXpvfbOEMXQdySKeCHsJIl7b2KjQjBAMB0GA1UdDgQWBBQZAEcp7y6gAq68k19RPtSLXu/ugzAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GLADCBhwJBCmSozCgL4pV2+QE2pfNgBQQrENNzejLnYolJK/W4ImK2RiyPut2GZtRIL/pfgSYws35NaUkeICFimw0q//zH6aoCQgGSt1Y8PMxlr/+Ac1xTx1yn3HzwcZIyuF2i1YS1JzlrP1QAPIFA8UHcL0eXn0mda2aeBBTUEtSNqb0cPNkpiipqAQ==-----END CERTIFICATE-----"
			             }, {
				"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey",
				"serialnumber": "956062841",
				"pemcert": "-----BEGIN CERTIFICATE-----MIICCDCCAWegAwIBAgIEOPxceTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0ODMwWhcNMjQwOTI0MjI0ODMwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIk85sCOVJ489k2DT2VWlfgUIsc/+6pk2EnAN5qMZtEg/tsbrKPeNChsFseBIf7RNg3TXretVtwlSJy7RytRNQ+jQjBAMB0GA1UdDgQWBBTTo/AyN1miKjrvTdYowtFNyhmJCjAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GMADCBiAJCAf+vBftPogNV7sW7JTA62KaeM7VZBTYQlQaN5CHM7Lu9RQlGc9+YBytm+6dWjJfFGrWGx9Dy7v1fURqafw21FLnDAkIA6AyVH4xAesoMhoH7U4xRBvyRbvWfgObGa1cxk9k3EHfwfd2/6+zSQ9MI65B7bRWcbcsIHysIUhbtjC9ytZGIbKI=-----END CERTIFICATE-----"
				}]
			},
		"samlcerts": {
			"default": [{
				"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey",
				"serialnumber": "1752527694",
				"pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEaHVzTjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzI3WhcNMjQwOTI0MjI1NzI3WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOPu6Hi/0stlWMJa+m73Y9KAYo8fAiE53PgPpMjYM3a++Vf7nZ0sByk+W3Q/gRtTfjOnh+2cq2ukTLHKAG0UKZ2kD9PRzwZgfo1GoTKdRekVIIjwxOX6n52RJ9/mblkyPcOPnmjUy+aULaSTow2cI+cRukYEdzEuWDU81QEJ7m+xkZ6eKkrjJ1Y9sX4BzJttlswd43Avu/0QDGunSX37Z0NM21PZCjzgrVr5GAkBHP0Vz+bgGJ5zpcsdMQfhX4yAN6cmYOD/9JO4AQj36LaN+/JS2sU75ub8BHYFdVa1NsFbDPvvsxzrw3pweuZWXZifM+mCUy/O+JPswrnyG9PDLrAgMBAAGjUjBQMB0GA1UdDgQWBBSLVRg9XSNi4SqNZ3jREXhMsfsoEjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgExLV4kYrkQJiBN1Jf65BgyHh0qgQfqtma3rtKplKtjjTh5lfXlebrYJU1WyPK3bVotpb4s9cI4pZL1oBZ/XrE28wJCAaf4NGUcE+1nIfWmwAL7HXWzx/LRwufxpnHfkrztHIZPR/5c7N24PQk9njDTUFG7Lv30U8Hp42nD7uxt96zP8N+h-----END CERTIFICATE-----"
				}, {
				"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey",
				"serialnumber": "483266569",
				"pemcert": "-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIEHM4QCTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzQ2WhcNMjQwOTI0MjI1NzQ2WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeve+T/aw44+WaN0QSml21K9KP7b6Gpn1ZDV3Ne+oQi2jrqOniW3LFBN8emJwGlh+X77A0WwJTkgCGP/eSftpQNE1NqGM94HnPnP2uxIWyaLZjLpEKngwj0B1mR1X6ts7H//fbV2f4MNK/B/fBSgAAe8BbLOKUX7cHSSOsNomlaSmKRjA2i37OupBrmBIN9fq7oXoTxlmQq31Y+3PpSBSgYQxnM8XLMJBzL6m2NzruMWQvBC+Ub25r0MG7sgz0cp9AytoSU6aTzlzObaixuVl/n8C025VzA8hh4LMeLxkKHO38v8O4VThWWCL0e1WVxLV4E3DgO2/foV1JRiKt9hebAgMBAAGjUjBQMB0GA1UdDgQWBBQuUwdAgwAq9taI0LeJX9qi9M2EUjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBiwAwgYcCQgG8jeN1fweKUB2Rf8VK1u1BeXACRDHDjodnl1NmMKVPMJOEHqIF9GpkoSP9rC5B2NbrIyMjw4zLzxPoRJSgpeHMywJBekB/uwHGYuee7mVSCpA01DZ2Rjem770cNzYGUOvN9pbTtOya2BCe+ru2VY1R6ajRZSEhpMU+06/VUMqzJwJ2tAY=-----END CERTIFICATE-----"
			             }, {
				"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey",
				"serialnumber": "1642726701",
				"pemcert": "-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIEYeoFLTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1ODA1WhcNMjQwOTI0MjI1ODA1WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ9+a2Q7S61gp5AfHNos9inTEf8wHoQaX15F7sNUjaypVYqTTnptNjwB52oshoBO8ef+wvfxqcKwodBUGd8ZWjKX6ZzEY4PdRmaQT3qqnyLBPfhyc85N/feUQIuQj5pX/+5LrZOi0y3hfwQl3elU8cMaBV7QHV0mV4Jn2TEN1QSSRe21sUd0tl6KAyio6yBFN8BqSWQXqyqHVVjnMjS43bii+twcjnfOgR9on41qIt3DTsGDFxMOt2d2+STJwpzk8lAvK1eNuId2egP6bW/PXQas+QjXL7HtV9VfuYo3/kipebHmf2rVjwrP4R8vx82iEaYBE/we06txvyAOev1giVAgMBAAGjUjBQMB0GA1UdDgQWBBT5a1O5hrneWkvl34FuhkZOLMg0WTAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBiwAwgYcCQgFKzP/yQMVznrju0BxFITKCJF79TRZVPPdaeVraMF9SFEXom2cy6x6W13MSxshnPGm2ZJVrKxiVWcygu7t7ZfcnGAJBN0eMmXA53aT8+N71JrEXwU2gbbh17/X6yht18zR8gvGpjZU6AK8XsILvI1WzUG1dUPofMTd8rMlB/JK+ZksC9wM=-----END CERTIFICATE-----"
				}],
		"citrixidp": {
			             "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey",
				"serialnumber": "1752527694",
				"pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEaHVzTjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzI3WhcNMjQwOTI0MjI1NzI3WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOPu6Hi/0stlWMJa+m73Y9KAYo8fAiE53PgPpMjYM3a++Vf7nZ0sByk+W3Q/gRtTfjOnh+2cq2ukTLHKAG0UKZ2kD9PRzwZgfo1GoTKdRekVIIjwxOX6n52RJ9/mblkyPcOPnmjUy+aULaSTow2cI+cRukYEdzEuWDU81QEJ7m+xkZ6eKkrjJ1Y9sX4BzJttlswd43Avu/0QDGunSX37Z0NM21PZCjzgrVr5GAkBHP0Vz+bgGJ5zpcsdMQfhX4yAN6cmYOD/9JO4AQj36LaN+/JS2sU75ub8BHYFdVa1NsFbDPvvsxzrw3pweuZWXZifM+mCUy/O+JPswrnyG9PDLrAgMBAAGjUjBQMB0GA1UdDgQWBBSLVRg9XSNi4SqNZ3jREXhMsfsoEjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgExLV4kYrkQJiBN1Jf65BgyHh0qgQfqtma3rtKplKtjjTh5lfXlebrYJU1WyPK3bVotpb4s9cI4pZL1oBZ/XrE28wJCAaf4NGUcE+1nIfWmwAL7HXWzx/LRwufxpnHfkrztHIZPR/5c7N24PQk9njDTUFG7Lv30U8Hp42nD7uxt96zP8N+h-----END CERTIFICATE-----"
			}
		}
	}
      }
}