NOTE: Learn more about the Policy Module here.
To update a policy, retrieve the current policy using the instructions here. Follow the schema and update policies using the Update Policy command in the SKFS Admin Client.
The command for Update Policy is listed below. For more details click here.
java -jar skfsadminclient.jar UP <hostport> <did> <wsprotocol> <authtype> [ <accesskey> <secretkey> | <svcusername> <svcpassword> ] <sid> <pid> <notes> <policy>
Example for changing the "requireCounter" from "mandatory" to "optional" according to the schema
java -jar /usr/local/strongkey/skfsclient/skfsadminclient.jar UP https://demo.example.com:8181 1 REST PASSWORD fidoadminuser Abcd1234! 1 1 "" '{"FidoPolicy":{"name":"MinimalPolicy","copyright":"","version":"1.0","startDate":"1695683133","endDate":"1760103870871","system":{"did":1,"requireCounter":"optional","integritySignatures":false,"userVerification":["required","preferred","discouraged"],"userPresenceTimeout":0,"allowedAaguids":["all"],"transport":["usb","internal"]},"crossOrigin":{"enabled":false,"allowedOrigins":[]},"algorithms":{"curves":["secp256r1","secp384r1","secp521r1","curve25519"],"rsa":["RS256","RS384","RS512","PS256","PS384","PS384"],"signatures":["ES256","ES384","ES512","EdDSA","ES256K"]},"attestation":{"conveyance":["none","indirect","direct","enterprise"],"formats":["fido-u2f","packed","tpm","android-key","android-safetynet","apple","none"]},"registration":{"displayName":"required","attachment":["platform","cross-platform"],"discoverableCredential":["required","preferred","discouraged"],"excludeCredentials":"enabled"},"authentication":{"allowCredentials":"enabled"},"authorization":{"maxdataLength":256,"preserve":true},"rp":{"id":"test.com","name":"FIDOServer"},"extensions":{},"mds":{"authenticatorStatusReport":[{"status":"FIDO_CERTIFIED_L1","priority":"1","decision":"IGNORE"},{"status":"FIDO_CERTIFIED_L2","priority":"1","decision":"ACCEPT"},{"status":"UPDATE_AVAILABLE","priority":"5","decision":"IGNORE"},{"status":"REVOKED","priority":"10","decision":"DENY"}]},"jwt":{"algorithms":["ES256","ES384","ES521"],"duration":30,"required":["rpid","iat","exp","cip","uname","agent"]},"signcerts":{"rootca":{"subjectdn":"CN=StrongKey FIDO Server RootCA,OU=DID 1,O=StrongKey","serialnumber":"1679560516","pemcert":"-----BEGIN CERTIFICATE-----MIICVTCCAbWgAwIBAgIEZBwPRDAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0NzM4WhcNMjQwOTI0MjI0NzM4WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAKdbVGToJkrCwOGEhg+JrnUM8Fv8l/g952VrWXhAaOtaIC4GMsKD0bv9gNot4nDSKH8L59i/dJiRHU4xuIvhkQAsBoSP2dipxg+bVvFtCt/dH1jOQYv+ev1KE2k8KZc4W3Ebgrvj5RZ02dIvKo8fCpEhBQKNhpR8tQmLRcAYZMcVQcAWjQjBAMB0GA1UdDgQWBBSjFsBomZYSzAs6i3XILwB6WMjz+zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBggqhkjOPQQDBAUAA4GLADCBhwJBdt0h+vm4nA0fCfHrNbmclKSojLC+c3qTwB6T3H4zuGPzQKfh37UIFLZUyeIaKNCZ/EK3ttkyAo6R3SA/RM8Qg5oCQgG5Z1imd84Oa8v5SvAfiuTuFC//fRyeTOo3Qr9uDTOizptU4voInHdsORSugU99R8oNqSISBSarXo78ZLDperHHMg==-----END CERTIFICATE-----","jwtcerts":{"default":[{"subjectdn":"CN=SKFS JWT Signer 1,OU=DID 1,O=StrongKey","serialnumber":"136454779","pemcert":"-----BEGIN CERTIFICATE-----MIICBzCCAWegAwIBAgIECCIiezAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0NzUwWhcNMjQwOTI0MjI0NzUwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOU53tO6qIZeG9shvyKM89vDXDanSydzrzSbj4QNqcumNd7S05zIVODTM4u2K+FlKefLF0wC9quJZAVtfQr1EuOjQjBAMB0GA1UdDgQWBBRjO1ed7qSTgdWvnqSvjZgcsNYZVTAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GLADCBhwJBGNVbxTRagpZQwcjSMXuXl8GI+xzDW2DvQqzObt137rzExG2Bgl5Gqb+RPsBPnuMaeKHTSP3qjnwNUGti/usJinkCQgFmamAz25k+PNUMnUq4bsKDsFU4y5AbRWAUlZzL00YlK699Rv/+YnCbvpUlgrp7zslaIOMmKNV+sElkVDk/THwTAw==-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS JWT Signer 2,OU=DID 1,O=StrongKey","serialnumber":"189249632","pemcert":"-----BEGIN CERTIFICATE-----MIICBzCCAWegAwIBAgIEC0e4YDAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0ODEwWhcNMjQwOTI0MjI0ODEwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKc91+zd9yhkCxS1wN+XTKHefzVqhT4UUNgHUEZeRK47aHvFQR8DlaxsK1jFniXpvfbOEMXQdySKeCHsJIl7b2KjQjBAMB0GA1UdDgQWBBQZAEcp7y6gAq68k19RPtSLXu/ugzAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GLADCBhwJBCmSozCgL4pV2+QE2pfNgBQQrENNzejLnYolJK/W4ImK2RiyPut2GZtRIL/pfgSYws35NaUkeICFimw0q//zH6aoCQgGSt1Y8PMxlr/+Ac1xTx1yn3HzwcZIyuF2i1YS1JzlrP1QAPIFA8UHcL0eXn0mda2aeBBTUEtSNqb0cPNkpiipqAQ==-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS JWT Signer 3,OU=DID 1,O=StrongKey","serialnumber":"956062841","pemcert":"-----BEGIN CERTIFICATE-----MIICCDCCAWegAwIBAgIEOPxceTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI0ODMwWhcNMjQwOTI0MjI0ODMwWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIk85sCOVJ489k2DT2VWlfgUIsc/+6pk2EnAN5qMZtEg/tsbrKPeNChsFseBIf7RNg3TXretVtwlSJy7RytRNQ+jQjBAMB0GA1UdDgQWBBTTo/AyN1miKjrvTdYowtFNyhmJCjAfBgNVHSMEGDAWgBSjFsBomZYSzAs6i3XILwB6WMjz+zAMBggqhkjOPQQDBAUAA4GMADCBiAJCAf+vBftPogNV7sW7JTA62KaeM7VZBTYQlQaN5CHM7Lu9RQlGc9+YBytm+6dWjJfFGrWGx9Dy7v1fURqafw21FLnDAkIA6AyVH4xAesoMhoH7U4xRBvyRbvWfgObGa1cxk9k3EHfwfd2/6+zSQ9MI65B7bRWcbcsIHysIUhbtjC9ytZGIbKI=-----END CERTIFICATE-----"}]},"samlcerts":{"default":[{"subjectdn":"CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey","serialnumber":"1752527694","pemcert":"-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEaHVzTjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzI3WhcNMjQwOTI0MjI1NzI3WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOPu6Hi/0stlWMJa+m73Y9KAYo8fAiE53PgPpMjYM3a++Vf7nZ0sByk+W3Q/gRtTfjOnh+2cq2ukTLHKAG0UKZ2kD9PRzwZgfo1GoTKdRekVIIjwxOX6n52RJ9/mblkyPcOPnmjUy+aULaSTow2cI+cRukYEdzEuWDU81QEJ7m+xkZ6eKkrjJ1Y9sX4BzJttlswd43Avu/0QDGunSX37Z0NM21PZCjzgrVr5GAkBHP0Vz+bgGJ5zpcsdMQfhX4yAN6cmYOD/9JO4AQj36LaN+/JS2sU75ub8BHYFdVa1NsFbDPvvsxzrw3pweuZWXZifM+mCUy/O+JPswrnyG9PDLrAgMBAAGjUjBQMB0GA1UdDgQWBBSLVRg9XSNi4SqNZ3jREXhMsfsoEjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgExLV4kYrkQJiBN1Jf65BgyHh0qgQfqtma3rtKplKtjjTh5lfXlebrYJU1WyPK3bVotpb4s9cI4pZL1oBZ/XrE28wJCAaf4NGUcE+1nIfWmwAL7HXWzx/LRwufxpnHfkrztHIZPR/5c7N24PQk9njDTUFG7Lv30U8Hp42nD7uxt96zP8N+h-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS SAML Signer 2,OU=DID 1,O=StrongKey","serialnumber":"483266569","pemcert":"-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIEHM4QCTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzQ2WhcNMjQwOTI0MjI1NzQ2WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeve+T/aw44+WaN0QSml21K9KP7b6Gpn1ZDV3Ne+oQi2jrqOniW3LFBN8emJwGlh+X77A0WwJTkgCGP/eSftpQNE1NqGM94HnPnP2uxIWyaLZjLpEKngwj0B1mR1X6ts7H//fbV2f4MNK/B/fBSgAAe8BbLOKUX7cHSSOsNomlaSmKRjA2i37OupBrmBIN9fq7oXoTxlmQq31Y+3PpSBSgYQxnM8XLMJBzL6m2NzruMWQvBC+Ub25r0MG7sgz0cp9AytoSU6aTzlzObaixuVl/n8C025VzA8hh4LMeLxkKHO38v8O4VThWWCL0e1WVxLV4E3DgO2/foV1JRiKt9hebAgMBAAGjUjBQMB0GA1UdDgQWBBQuUwdAgwAq9taI0LeJX9qi9M2EUjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBiwAwgYcCQgG8jeN1fweKUB2Rf8VK1u1BeXACRDHDjodnl1NmMKVPMJOEHqIF9GpkoSP9rC5B2NbrIyMjw4zLzxPoRJSgpeHMywJBekB/uwHGYuee7mVSCpA01DZ2Rjem770cNzYGUOvN9pbTtOya2BCe+ru2VY1R6ajRZSEhpMU+06/VUMqzJwJ2tAY=-----END CERTIFICATE-----"},{"subjectdn":"CN=SKFS SAML Signer 3,OU=DID 1,O=StrongKey","serialnumber":"1642726701","pemcert":"-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIEYeoFLTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1ODA1WhcNMjQwOTI0MjI1ODA1WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ9+a2Q7S61gp5AfHNos9inTEf8wHoQaX15F7sNUjaypVYqTTnptNjwB52oshoBO8ef+wvfxqcKwodBUGd8ZWjKX6ZzEY4PdRmaQT3qqnyLBPfhyc85N/feUQIuQj5pX/+5LrZOi0y3hfwQl3elU8cMaBV7QHV0mV4Jn2TEN1QSSRe21sUd0tl6KAyio6yBFN8BqSWQXqyqHVVjnMjS43bii+twcjnfOgR9on41qIt3DTsGDFxMOt2d2+STJwpzk8lAvK1eNuId2egP6bW/PXQas+QjXL7HtV9VfuYo3/kipebHmf2rVjwrP4R8vx82iEaYBE/we06txvyAOev1giVAgMBAAGjUjBQMB0GA1UdDgQWBBT5a1O5hrneWkvl34FuhkZOLMg0WTAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBiwAwgYcCQgFKzP/yQMVznrju0BxFITKCJF79TRZVPPdaeVraMF9SFEXom2cy6x6W13MSxshnPGm2ZJVrKxiVWcygu7t7ZfcnGAJBN0eMmXA53aT8+N71JrEXwU2gbbh17/X6yht18zR8gvGpjZU6AK8XsILvI1WzUG1dUPofMTd8rMlB/JK+ZksC9wM=-----END CERTIFICATE-----"}],"citrixidp":{"subjectdn":"CN=SKFS SAML Signer 1,OU=DID 1,O=StrongKey","serialnumber":"1752527694","pemcert":"-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEaHVzTjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDExJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI1MjI1NzI3WhcNMjQwOTI0MjI1NzI3WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAxMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOPu6Hi/0stlWMJa+m73Y9KAYo8fAiE53PgPpMjYM3a++Vf7nZ0sByk+W3Q/gRtTfjOnh+2cq2ukTLHKAG0UKZ2kD9PRzwZgfo1GoTKdRekVIIjwxOX6n52RJ9/mblkyPcOPnmjUy+aULaSTow2cI+cRukYEdzEuWDU81QEJ7m+xkZ6eKkrjJ1Y9sX4BzJttlswd43Avu/0QDGunSX37Z0NM21PZCjzgrVr5GAkBHP0Vz+bgGJ5zpcsdMQfhX4yAN6cmYOD/9JO4AQj36LaN+/JS2sU75ub8BHYFdVa1NsFbDPvvsxzrw3pweuZWXZifM+mCUy/O+JPswrnyG9PDLrAgMBAAGjUjBQMB0GA1UdDgQWBBSLVRg9XSNi4SqNZ3jREXhMsfsoEjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUoxbAaJmWEswLOot1yC8AeljI8/swDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgExLV4kYrkQJiBN1Jf65BgyHh0qgQfqtma3rtKplKtjjTh5lfXlebrYJU1WyPK3bVotpb4s9cI4pZL1oBZ/XrE28wJCAaf4NGUcE+1nIfWmwAL7HXWzx/LRwufxpnHfkrztHIZPR/5c7N24PQk9njDTUFG7Lv30U8Hp42nD7uxt96zP8N+h-----END CERTIFICATE-----"}}}}}}'
NOTE: The policy JSON is minified to easily pass in as argument in terminal.
Copyright (c) 2001-2023 StrongAuth, Inc. All rights reserved.
REST Update Policy with PASSWORD
******************************************
Calling update @ https://demo.strongkey.com:8181/skfs/rest/updatepolicy
Response : {"Response":"Successfully updated policy 1-1"","skfsVersion":"4.10.0","skfsFQDN":"demo.strongkey.com","TXID":"1-174-1677279652057"}
Update Policy complete.
******************************************
Done with Update Policy!