NOTE: Learn more about the Policy Module here.
To update a policy, retrieve the current policy using the instructions here. Follow the schema and update policies using the Update Policy command in the SKFS Admin Client.
The command for Update Policy is listed below. For more details click here.
java -jar skfsadminclient.jar UP <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <sid> <pid> <notes> <policy>
Example for changing the "requireCounter" from "mandatory" to "optional" according to the schema:
NOTE: The policy JSON is minified to easily pass in as argument in terminal.
java -jar skfsadminclient.jar UP https://example.strongkey.com:8181 1 REST PASSWORD fidoadminuser Abcd1234! 1 1 "Updated Policy" '{"FidoPolicy":{"name":"MinimalPolicy","copyright":"","version":"1.0","startDate":"1717785111","endDate":"1760103870871","system":{"did":1,"requireCounter":"optional","integritySignatures":false,"userVerification":["required","preferred","discouraged"],"userPresenceTimeout":0,"allowedAaguids":["all"],"transport":["usb","internal"]},"crossOrigin":{"enabled":false,"allowedOrigins":[]},"algorithms":{"curves":["secp256r1","secp384r1","secp521r1","curve25519"],"rsa":["RS256","RS384","RS512","PS256","PS384","PS384"],"signatures":["ES256","ES384","ES512","EdDSA","ES256K"]},"attestation":{"conveyance":["none","indirect","direct","enterprise"],"formats":["fido-u2f","packed","tpm","android-key","android-safetynet","apple","none"]},"registration":{"displayName":"required","attachment":["platform","cross-platform"],"discoverableCredential":["required","preferred","discouraged"],"excludeCredentials":"enabled"},"authentication":{"allowCredentials":"enabled"},"authorization":{"maxdataLength":256,"preserve":true},"rp":{"id":"strongkey.com","name":"FIDOServer"},"extensions":{},"mds":{"authenticatorStatusReport":[{"status":"FIDO_CERTIFIED_L1","priority":"1","decision":"IGNORE"},{"status":"FIDO_CERTIFIED_L2","priority":"1","decision":"ACCEPT"},{"status":"UPDATE_AVAILABLE","priority":"5","decision":"IGNORE"},{"status":"REVOKED","priority":"10","decision":"DENY"}]},"jwt":{"algorithms":["ES256","ES384","ES521"],"duration":30,"required":["rpid","iat","exp","cip","uname","agent"]},"signcerts":{"rootca":{"subjectdn":"CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey","serialnumber":"-177581522072826007","pemcert":"-----BEGIN CERTIFICATE-----MIICVzCCAbigAwIBAgIJAP2JGovqLQ9pMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjQwNjA3MTgxMjM4WhcNMjUwNjA3MTgxMjM4WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAxovTmZj4rImLF97K87bHTRkD3xuVI9RZ8YTY29990vXci06oBH3rh+aPUDbMiu7IGYBISS9AIFyXGkHQH7mHIjcAfvSbKYcrZ0H0PdTtYH6b0CmSHgE2pSkUuzNv+e41jyHgYh8jPd5tftZ3Snf/Zg76VHJzYK9xVptJxzrG1R688AqjQjBAMB0GA1UdDgQWBBSPxZjD3CXirWm/IaXVTjDl2HiodzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBjAAwgYgCQgE48kTRIsmNoDRunwIus3aBHG97EdLN8QsSuRRkUlu+PrLx8nicd9FqrTIkdlrQ48NXIix4wNbnj0JUXf5mO2DsFQJCAaQguK6Sr091YE0TL70adsXcD0OfFYqfCRXEsfsFrHGt9vQzM9j8Tg7/p6gNo1vifV/wrztRDGPPgJTtXshzvUMz-----END CERTIFICATE-----","jwtcerts":{"default":[{"subjectdn":"CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey","serialnumber":"-4658888773167051440","pemcert":"-----BEGIN CERTIFICATE-----MIICCTCCAWqgAwIBAgIJAL9YTVg7Uo1QMAoGCCqGSM49BAMEMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjQwNjA3MTgxMjUzWhcNMjUwNjA3MTgxMjUzWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLpNXfFZVi5hRDoYkmxedB2gBFWAO1XEPATOBXdnrzxQL9uyJcBv93k7Q3ZKQ2v4EPy99G3AdeQ8INql2zzurpujQjBAMB0GA1UdDgQWBBQWtOtaxCSJEsLHa9azjHXM91OCezAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgDCA9L222vpJu1e6H2+pi6SfbBtF1lBLmJTGowPkt0KLBB3UbMyH7oYiaQR0obWy2mtPBKjWgCGrvsWEg4aHq6djQJCAXD+TSEuCdKFVEu9r2xX0PPRIkM3cq/d/nJWtvq4xxViBxYmS4B3N+NpL+RfYtA17icjIkpze7CXz9q+gRXD+GO0-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey","serialnumber":"3256801899139789702","pemcert":"-----BEGIN CERTIFICATE-----MIICCDCCAWmgAwIBAgIILTJ8Em4Lc4YwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODEzMTRaFw0yNTA2MDcxODEzMTRaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDsH9HdMCX9VzsbN03ysnEgdmZmIxRTeenlKNYPdRplBg/jKabha3ITZIPZaIXLMwxxZ7LPRxwx4cOIHAdc/8sKNCMEAwHQYDVR0OBBYEFI7UAJOrRp+TLxnZSjNjhAmT/3hXMB8GA1UdIwQYMBaAFI/FmMPcJeKtab8hpdVOMOXYeKh3MAoGCCqGSM49BAMEA4GMADCBiAJCAfUURlsGdhWpXUrljTIR+zlAhcTAVCg/V/6xoGVF5PoDHiBYx/cnVGVslh6T7uM/tMPxUsOMNKAtWGlZcuuJuUJeAkIBgd/+DUQxMwsPB5HXobZwMkZVxljnPOf0JGh3nK3ddn12Eydy6z8Fi5UjdBK3yrfChXpHl3NnmZ/wKPyXzszEM9Y=-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey","serialnumber":"5397196325783806979","pemcert":"-----BEGIN CERTIFICATE-----MIICBzCCAWmgAwIBAgIISuaxdnVjJAMwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODEzMzVaFw0yNTA2MDcxODEzMzVaMEAxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGjAYBgNVBAMTEVNLRlMgSldUIFNpZ25lciAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIzMNhzFX2K470vatlH5idCmTpuZwzLySJpRBDlwFL+p3itUh4adSpqZuhAznii810/p/J95UCWcXkXxcjEWTWKNCMEAwHQYDVR0OBBYEFOslD1/laM/Dx/PDu2GYF6x/xxHcMB8GA1UdIwQYMBaAFI/FmMPcJeKtab8hpdVOMOXYeKh3MAoGCCqGSM49BAMEA4GLADCBhwJCAU5bass8HMUuO3PSL4d6QTEAlRWfqidYNq1Bsg1QpTTCio7FHvA62xUfixfX+MBOQVtiBmoe83c01MfaKhPQRY2FAkF2bFq27xv6NkHCBrZvdMizlQjCewJvj5f5r14mkwoNrknhmH06bGO/kskTNkx4boy+Swq4+9hOBMcBJ73Hj8TfOg==-----END CERTIFICATE-----"}]},"samlcerts":{"default":[{"subjectdn":"CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey","serialnumber":"8152870988524290549","pemcert":"-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIcSTQ9+KUAfUwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMTZaFw0yNTA2MDcxODIzMTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYbqmKbahlc5vSFBvBkrQ2iMb+pwh2pq/SmkdrnYnAnP9ZGaf0lfNRv0C8aOlj0NjktSOIwMgGSdcgwN9O7O24HRGymin6xp3GxwucAfbXPCuLgkGs3aTf63lW407XFCu307slvDnC4n5i5eLZFDhPlyGx7Kg92UOOUzp4HBgCFl5JMTQe63HqKoKLP3Ah1cGp8/T1+6q8drCa100FSGjrsAYIujZTXGIbeFNNi3cGIuqgVAsifGKZNm7IV6jlqA0gKm1Bh/ryTltZF5zuM6QbrJNPC+8nCyGSvVLZ0RcQ4C3ERIWLnuWN5WJteBXzbXvAhaihBQREWJmGVutqg0GkCAwEAAaNSMFAwHQYDVR0OBBYEFGAxYjswFNRICuHxAE2gqQXoFuPwMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGi23zsvpXuZP3H7xMwLSjPYq0r0WkKEwkdw9+XGtmKAU1Y7tXXKN2/l/el9yBWTR38lLzEtal/OTaK/6G81UKk2wJCARgMEOwJhZXMDsFBrZa2mMiar4CyBgVx3VFgNYggBFp07HqJjjQ3/pXLAZY2iOzQtxQvQTPDr4QRbmp9hfh94pQ1-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey","serialnumber":"5045826891452461148","pemcert":"-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIRgZg0ucjMFwwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMzZaFw0yNTA2MDcxODIzMzZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKMDc68tM6YEyW7eKk7qGe04Cmjjn+E76jABojTV0WQMak2PeV6cLcESwqSNcjmq0CrxoK+EXjYj3vRDq/rDQbdrmmQ3WTh14p5+O4MUWbCMak30YGL2EWfiF642s/Qbyz1UD0UCeMP4kt1G1Xg2NieeUYslbVtS3EEJ7cj+2m3jsFvzu3aFikxpGcPLUyeVjwwx7pe4QrhvbbMC5UIjghva0eA61V7IHaDvuJrZ4D949ezRAsGA0kMbPiNblOfoPQTogdKxpIrUsndaDZHpALTP1rpaSt/6MfihPgAbR7JHmR+9z75YaUv7ZXSbu2yO/iZzlUoXphgK8ZOhB2Qfq8CAwEAAaNSMFAwHQYDVR0OBBYEFCrdNLd5w5l2GQGTAppl0yxt/uygMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGMV/fYhYpWfnkRaage+m2qmXZRPSSU5QgfpDrPTRDgxWbslxzr0Cvh/CeG0jD34nriVr2+vxPFfllFR6i9weSo9gJCAfYbg+/JZYOwgT9fnDJm8vXP8ODL6qXn6z5N102C7tL0AuMTAU3d9wnFpEbpWboeEg5zsk78kZ+O9GevTwHb406B-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey","serialnumber":"8532427843623313953","pemcert":"-----BEGIN CERTIFICATE-----MIIC4jCCAkWgAwIBAgIIdmlF6sLR4iEwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzNTZaFw0yNTA2MDcxODIzNTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI3w4rS0PzNH8gKaROPz3doPi4JLEn6OHuLxCBMpEC/AxACINDPqaYQa/WnwyaW28WCedNy6v9JRUwH/ztoOGq4Y1WZ0lYRRdr2onbMhGrq9EQ3mwfMF5ZEA/hZn8Z6qwRn1KPgVqSSvhbdu4F3pmfO4tutmDtAfMF0K5a0cmuTq6oxd6eris1wu1J6f/5jOe/9JN0OuUZh7nf+ifia+xUzB/k2YUT453qtHGLyHxGI0h8xIZTqwwEgUkIp076hBR8z+5dsNG8VIOfea3ZjFLkl8/gLlpctQIoWqKvvvg9UyVvWgEXZAVmOspwRkr6EWWVGKATdMgUzrlRa8RXvNJqsCAwEAAaNSMFAwHQYDVR0OBBYEFDc3nMrMDS24L0zdgQtk/oqRFeDbMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBigAwgYYCQXLOvHeDlT3omFDROmqE+nZsCItjRlWq3eqB4NBxCxC9vdFDrrJlzBpGm7oIf/NYg1idB+Zx3kIzVjLvcZu3D13pAkELoDM0IzFv7rogumS0tSDSdVy7bUsP0xOYJ2mr/Pv4oxdQ/f3cdvRC7WaApzTNwyKXc+4MD060VrUGIM7R8bNNPw==-----END CERTIFICATE-----"}],"citrixidp":{"subjectdn":"CN=SKFS SAML Signer 1,OU=DID 1, O=StrongKey","serialnumber":"8152870988524290549","pemcert":"-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIcSTQ9+KUAfUwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgMTElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNDA2MDcxODIzMTZaFw0yNTA2MDcxODIzMTZaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYbqmKbahlc5vSFBvBkrQ2iMb+pwh2pq/SmkdrnYnAnP9ZGaf0lfNRv0C8aOlj0NjktSOIwMgGSdcgwN9O7O24HRGymin6xp3GxwucAfbXPCuLgkGs3aTf63lW407XFCu307slvDnC4n5i5eLZFDhPlyGx7Kg92UOOUzp4HBgCFl5JMTQe63HqKoKLP3Ah1cGp8/T1+6q8drCa100FSGjrsAYIujZTXGIbeFNNi3cGIuqgVAsifGKZNm7IV6jlqA0gKm1Bh/ryTltZF5zuM6QbrJNPC+8nCyGSvVLZ0RcQ4C3ERIWLnuWN5WJteBXzbXvAhaihBQREWJmGVutqg0GkCAwEAAaNSMFAwHQYDVR0OBBYEFGAxYjswFNRICuHxAE2gqQXoFuPwMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSPxZjD3CXirWm/IaXVTjDl2HiodzAKBggqhkjOPQQDBAOBjAAwgYgCQgGi23zsvpXuZP3H7xMwLSjPYq0r0WkKEwkdw9+XGtmKAU1Y7tXXKN2/l/el9yBWTR38lLzEtal/OTaK/6G81UKk2wJCARgMEOwJhZXMDsFBrZa2mMiar4CyBgVx3VFgNYggBFp07HqJjjQ3/pXLAZY2iOzQtxQvQTPDr4QRbmp9hfh94pQ1-----END CERTIFICATE-----"}}}}}}'
Copyright (c) 2001-2024 StrongAuth, Inc. All rights reserved.
REST Update Policy with PASSWORD
******************************************
Calling update @ https://example.strongkey.com:8181/skfs/rest/updatepolicy
Response : {"Response":"Successfully updated policy 1-1","responseCode":"FIDO-MSG-0067","skfsVersion":"4.14.0","skfsFQDN":"example.strongkey.com","TXID":"1-1-76-1717787288339"}
Update Policy complete.
******************************************
Done with Update Policy!