Product Documentation

NOTE: Learn more about the Policy Module here.

To update a policy, retrieve the current policy using the instructions here. Follow the schema and update policies using the Update Policy command in the SKFS Admin Client.

 

The command for Update Policy is listed below. For more details click here.

java -jar skfsadminclient.jar UP <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <sid> <pid> <notes> <policy>

 

Example for changing the "requireCounter" from "mandatory" to "optional" according to the schema:

 NOTE: The policy JSON is minified to easily pass in as argument in terminal.
java -jar skfsadminclient.jar UP https://example.strongkey.com:8181 1 REST PASSWORD fidoadminuser Abcd1234! 1 1 "Updated Policy" '{"FidoPolicy":{"name":"MinimalPolicy","copyright":"","version":"1.0","startDate":"1717785111","endDate":"1760103870871","system":{"did":1,"requireCounter":"optional","integritySignatures":false,"userVerification":["required","preferred","discouraged"],"userPresenceTimeout":0,"allowedAaguids":["all"],"transport":["usb","internal"]},"crossOrigin":{"enabled":false,"allowedOrigins":[]},"algorithms":{"curves":["secp256r1","secp384r1","secp521r1","curve25519"],"rsa":["RS256","RS384","RS512","PS256","PS384","PS384"],"signatures":["ES256","ES384","ES512","EdDSA","ES256K"]},"attestation":{"conveyance":["none","indirect","direct","enterprise"],"formats":["fido-u2f","packed","tpm","android-key","android-safetynet","apple","none"]},"registration":{"displayName":"required","attachment":["platform","cross-platform"],"discoverableCredential":["required","preferred","discouraged"],"excludeCredentials":"enabled"},"authentication":{"allowCredentials":"enabled"},"authorization":{"maxdataLength":256,"preserve":true},"rp":{"id":"strongkey.com","name":"FIDOServer"},"extensions":{},"mds":{"authenticatorStatusReport":[{"status":"FIDO_CERTIFIED_L1","priority":"1","decision":"IGNORE"},{"status":"FIDO_CERTIFIED_L2","priority":"1","decision":"ACCEPT"},{"status":"UPDATE_AVAILABLE","priority":"5","decision":"IGNORE"},{"status":"REVOKED","priority":"10","decision":"DENY"}]},"jwt":{"algorithms":["ES256","ES384","ES521"],"duration":30,"required":["rpid","iat","exp","cip","uname","agent"]},"signcerts":{"rootca":{"subjectdn":"CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey","serialnumber":"-177581522072826007","pemcert":"-----BEGIN CERTIFICATE-----MIICVzCCAbigAwIBAgIJAP2JGovqLQ9pMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjQwNjA3MTgxMjM4WhcNMjUwNjA3MTgxMjM4WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAxovTmZj4rImLF97K87bHTRkD3xuVI9RZ8YTY29990vXci06oBH3rh+aPUDbMiu7IGYBISS9AIFyXGkHQH7mHIjcAfvSbKYcrZ0H0PdTtYH6b0CmSHgE2pSkUuzNv+e41jyHgYh8jPd5tftZ3Snf/Zg76VHJzYK9xVptJxzrG1R688AqjQjBAMB0GA1UdDgQWBBSPxZjD3CXirWm/IaXVTjDl2HiodzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBjAAwgYgCQgE48kTRIsmNoDRunwIus3aBHG97EdLN8QsSuRRkUlu+PrLx8nicd9FqrTIkdlrQ48NXIix4wNbnj0JUXf5mO2DsFQJCAaQguK6Sr091YE0TL70adsXcD0OfFYqfCRXEsfsFrHGt9vQzM9j8Tg7/p6gNo1vifV/wrztRDGPPgJTtXshzvUMz-----END CERTIFICATE-----","jwtcerts":{"default":[{"subjectdn":"CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey","serialnumber":"-4658888773167051440","pemcert":"-----BEGIN CERTIFICATE-----MIICCTCCAWqgAwIBAgIJAL9YTVg7Uo1QMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjQwNjA3MTgxMjUzWhcNMjUwNjA3MTgxMjUzWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLpNXfFZVi5hRDoYkmxedB2gBFWAO1XEPATOBXdnrzxQL9uyJcBv93k7Q3ZKQ2v4EPy99G3AdeQ8INql2zzurpujQjBAMB0GA1UdDgQWBBQWtOtaxCSJEsLHa9azjHXM91OCezAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgDCA9L222vpJu1e6H2+pi6SfbBtF1lBLmJTGowPkt0KLBB3UbMyH7oYiaQR0obWy2mtPBKjWgCGrvsWEg4aHq6djQJCAXD+TSEuCdKFVEu9r2xX0PPRIkM3cq/d/nJWtvq4xxViBxYmS4B3N+NpL+RfYtA17icjIkpze7CXz9q+gRXD+GO0-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey","serialnumber":"3256801899139789702","pemcert":"-----BEGIN CERTIFICATE-----MIICCDCCAWmgAwIBAgIILTJ8Em4Lc4YwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODEzMTRaFw0yNTA2MDcxODEzMTRaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDsH9HdMCX9VzsbN03ysnEgdmZmIxRTeenlKNYPdRplBg/jKabha3ITZIPZaIXLMwxxZ7LPRxwx4cOIHAdc/8sKNCMEAwHQYDVR0OBBYEFI7UAJOrRp+TLxnZSjNjhAmT/3hXMB8GA1UdIwQYMBaAFI/FmMPcJeKtab8hpdVOMOXYeKh3MAoGCCqGSM49BAMEA4GMADCBiAJCAfUURlsGdhWpXUrljTIR+zlAhcTAVCg/V/6xoGVF5PoDHiBYx/cnVGVslh6T7uM/tMPxUsOMNKAtWGlZcuuJuUJeAkIBgd/+DUQxMwsPB5HXobZwMkZVxljnPOf0JGh3nK3ddn12Eydy6z8Fi5UjdBK3yrfChXpHl3NnmZ/wKPyXzszEM9Y=-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey","serialnumber":"5397196325783806979","pemcert":"-----BEGIN CERTIFICATE-----MIICBzCCAWmgAwIBAgIISuaxdnVjJAMwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODEzMzVaFw0yNTA2MDcxODEzMzVaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIzMNhzFX2K470vatlH5idCmTpuZwzLySJpRBDlwFL+p3itUh4adSpqZuhAznii810/p/J95UCWcXkXxcjEWTWKNCMEAwHQYDVR0OBBYEFOslD1/laM/Dx/PDu2GYF6x/xxHcMB8GA1UdIwQYMBaAFI/FmMPcJeKtab8hpdVOMOXYeKh3MAoGCCqGSM49BAMEA4GLADCBhwJCAU5bass8HMUuO3PSL4d6QTEAlRWfqidYNq1Bsg1QpTTCio7FHvA62xUfixfX+MBOQVtiBmoe83c01MfaKhPQRY2FAkF2bFq27xv6NkHCBrZvdMizlQjCewJvj5f5r14mkwoNrknhmH06bGO/kskTNkx4boy+Swq4+9hOBMcBJ73Hj8TfOg==-----END CERTIFICATE-----"}]},"samlcerts":{"default":[{"subjectdn":"CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey","serialnumber":"8152870988524290549","pemcert":"-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIcSTQ9+KUAfUwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMTZaFw0yNTA2MDcxODIzMTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYbqmKbahlc5vSFBvBkrQ2iMb+pwh2pq/SmkdrnYnAnP9ZGaf0lfNRv0C8aOlj0NjktSOIwMgGSdcgwN9O7O24HRGymin6xp3GxwucAfbXPCuLgkGs3aTf63lW407XFCu307slvDnC4n5i5eLZFDhPlyGx7Kg92UOOUzp4HBgCFl5JMTQe63HqKoKLP3Ah1cGp8/T1+6q8drCa100FSGjrsAYIujZTXGIbeFNNi3cGIuqgVAsifGKZNm7IV6jlqA0gKm1Bh/ryTltZF5zuM6QbrJNPC+8nCyGSvVLZ0RcQ4C3ERIWLnuWN5WJteBXzbXvAhaihBQREWJmGVutqg0GkCAwEAAaNSMFAwHQYDVR0OBBYEFGAxYjswFNRICuHxAE2gqQXoFuPwMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGi23zsvpXuZP3H7xMwLSjPYq0r0WkKEwkdw9+XGtmKAU1Y7tXXKN2/l/el9yBWTR38lLzEtal/OTaK/6G81UKk2wJCARgMEOwJhZXMDsFBrZa2mMiar4CyBgVx3VFgNYggBFp07HqJjjQ3/pXLAZY2iOzQtxQvQTPDr4QRbmp9hfh94pQ1-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey","serialnumber":"5045826891452461148","pemcert":"-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIRgZg0ucjMFwwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMzZaFw0yNTA2MDcxODIzMzZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKMDc68tM6YEyW7eKk7qGe04Cmjjn+E76jABojTV0WQMak2PeV6cLcESwqSNcjmq0CrxoK+EXjYj3vRDq/rDQbdrmmQ3WTh14p5+O4MUWbCMak30YGL2EWfiF642s/Qbyz1UD0UCeMP4kt1G1Xg2NieeUYslbVtS3EEJ7cj+2m3jsFvzu3aFikxpGcPLUyeVjwwx7pe4QrhvbbMC5UIjghva0eA61V7IHaDvuJrZ4D949ezRAsGA0kMbPiNblOfoPQTogdKxpIrUsndaDZHpALTP1rpaSt/6MfihPgAbR7JHmR+9z75YaUv7ZXSbu2yO/iZzlUoXphgK8ZOhB2Qfq8CAwEAAaNSMFAwHQYDVR0OBBYEFCrdNLd5w5l2GQGTAppl0yxt/uygMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGMV/fYhYpWfnkRaage+m2qmXZRPSSU5QgfpDrPTRDgxWbslxzr0Cvh/CeG0jD34nriVr2+vxPFfllFR6i9weSo9gJCAfYbg+/JZYOwgT9fnDJm8vXP8ODL6qXn6z5N102C7tL0AuMTAU3d9wnFpEbpWboeEg5zsk78kZ+O9GevTwHb406B-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey","serialnumber":"8532427843623313953","pemcert":"-----BEGIN CERTIFICATE-----MIIC4jCCAkWgAwIBAgIIdmlF6sLR4iEwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzNTZaFw0yNTA2MDcxODIzNTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI3w4rS0PzNH8gKaROPz3doPi4JLEn6OHuLxCBMpEC/AxACINDPqaYQa/WnwyaW28WCedNy6v9JRUwH/ztoOGq4Y1WZ0lYRRdr2onbMhGrq9EQ3mwfMF5ZEA/hZn8Z6qwRn1KPgVqSSvhbdu4F3pmfO4tutmDtAfMF0K5a0cmuTq6oxd6eris1wu1J6f/5jOe/9JN0OuUZh7nf+ifia+xUzB/k2YUT453qtHGLyHxGI0h8xIZTqwwEgUkIp076hBR8z+5dsNG8VIOfea3ZjFLkl8/gLlpctQIoWqKvvvg9UyVvWgEXZAVmOspwRkr6EWWVGKATdMgUzrlRa8RXvNJqsCAwEAAaNSMFAwHQYDVR0OBBYEFDc3nMrMDS24L0zdgQtk/oqRFeDbMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBigAwgYYCQXLOvHeDlT3omFDROmqE+nZsCItjRlWq3eqB4NBxCxC9vdFDrrJlzBpGm7oIf/NYg1idB+Zx3kIzVjLvcZu3D13pAkELoDM0IzFv7rogumS0tSDSdVy7bUsP0xOYJ2mr/Pv4oxdQ/f3cdvRC7WaApzTNwyKXc+4MD060VrUGIM7R8bNNPw==-----END CERTIFICATE-----"}],"citrixidp":{"subjectdn":"CN=SKFS SAML Signer 1,OU=DID 1, O=StrongKey","serialnumber":"8152870988524290549","pemcert":"-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIcSTQ9+KUAfUwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMTZaFw0yNTA2MDcxODIzMTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYbqmKbahlc5vSFBvBkrQ2iMb+pwh2pq/SmkdrnYnAnP9ZGaf0lfNRv0C8aOlj0NjktSOIwMgGSdcgwN9O7O24HRGymin6xp3GxwucAfbXPCuLgkGs3aTf63lW407XFCu307slvDnC4n5i5eLZFDhPlyGx7Kg92UOOUzp4HBgCFl5JMTQe63HqKoKLP3Ah1cGp8/T1+6q8drCa100FSGjrsAYIujZTXGIbeFNNi3cGIuqgVAsifGKZNm7IV6jlqA0gKm1Bh/ryTltZF5zuM6QbrJNPC+8nCyGSvVLZ0RcQ4C3ERIWLnuWN5WJteBXzbXvAhaihBQREWJmGVutqg0GkCAwEAAaNSMFAwHQYDVR0OBBYEFGAxYjswFNRICuHxAE2gqQXoFuPwMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGi23zsvpXuZP3H7xMwLSjPYq0r0WkKEwkdw9+XGtmKAU1Y7tXXKN2/l/el9yBWTR38lLzEtal/OTaK/6G81UKk2wJCARgMEOwJhZXMDsFBrZa2mMiar4CyBgVx3VFgNYggBFp07HqJjjQ3/pXLAZY2iOzQtxQvQTPDr4QRbmp9hfh94pQ1-----END CERTIFICATE-----"}}}}}}'
 
Output
 
Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.

REST Update Policy with PASSWORD
******************************************

Calling update @ https://example.strongkey.com:8181/skfs/rest/updatepolicy
 Response : {"Response":"Successfully updated policy 1-1","responseCode":"FIDO-MSG-0067","skfsVersion":"4.14.0","skfsFQDN":"example.strongkey.com","TXID":"1-1-76-1717787288339"}

Update Policy complete.
******************************************

Done with Update Policy!