Product Documentation

Fixes and Changes in SKFS 4.11.0


RFE-40

Phase out the use of policy ID (pid) and server ID (sid) in getpolicy api call

With the removal of status and the introduction of a single policy per domain, users no longer need to know the policy ID (PID) when making a getpolicy call. Previously, users had to know the PID of a policy in order to retrieve it with a getpolicy call, which often required logging into the database to look it up. With the changes introduced by BUG-17, knowing a policy's PID is an unnecessary obstacle to a getpolicy call, since users only need the domain ID (DID).

RFE-89

Add codes to SKFS Admin APIs responses

Add/Get/Update/Delete fido policy, Get/Update/Delete fido config, and update username responses now return unique response codes.

Add Fido Policy

FIDO-MSG-0063 "Done with addpolicy request; Output: {0}"

Get Fido Policy

FIDO-MSG-0065 "Done with getpolicy request; Output: {0}"

Update Fido Policy

FIDO-MSG-0067 "Done with updatepolicy request; Output: {0}"

Delete Fido Policy

FIDO-MSG-0069 "Done with deletepolicy request; Output: {0}"

Delete Fido Config

FIDO-MSG-0071 "Done with deleteconfiguration request; Output: {0}"

Get Fido Config

FIDO-MSG-0073 "Done with getconfiguration request; Output: {0}"

Update Fido Config

FIDO-MSG-0075 "Done with updateconfiguration request; Output: {0}"

Update Username

FIDO-MSG-0077 "Done with updateusername request; Input: {0}"

RFE-91

Deprecate U2F protocol

SKFS version 4.10 was the last version that supported the U2F protocol (https://devdocs.strongkey.com/index.php/skfs-v3/skfs-release-notes). Starting from release 4.11, the U2F protocol has been completely deprecated; if the protocol inside the "svcinfo" object is set to U2F, the server returns the error FIDO-ERR-0076 (Invalid "protocol" in request payload).

RFE-144

Add option to include the counter in fido credential database signatures

A new property has been added (false by default):

skfs.cfg.property.db.signature.includecounter

When this property is enabled, the SKFS will include a fido key's counter when generating the signature to be stored in the database.

NOTE: This property must only be set during installation. If it is enabled or disabled in an existing SKFS, signature verification for all current signatures in the database will fail.

BUG-64

Add missing replication code for preauthenticating when using Discoverable flow

Some missing replication code in the preauthenticate bean when performing a preauthentication with Discoverable credentials has been added.

BUG-65

Remove from challengeMap after second auth in three step Discoverable flow

In the custom three-step Discoverable flow, the user session is now removed from memory after the second authentication.

BUG-67

Fix authentication not performing origin/rpid verification

Authentication now performs origin and rpid verification checks.
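The origin and rpId checks that BUG-67 restores, shown as an added illustrative example in Python rather than SKFS's own code: the relying-party origin and rpId below are assumed values, and the sample clientDataJSON and authenticatorData are constructed inline.

```python
import hashlib
import hmac
import json
import struct
from typing import Tuple

# Assumed relying-party identity (not taken from the release notes).
EXPECTED_ORIGIN = "https://rp.example.com"
EXPECTED_RPID = "rp.example.com"


def verify_origin_and_rpid(client_data_json: bytes, authenticator_data: bytes,
                           expected_origin: str = EXPECTED_ORIGIN,
                           expected_rpid: str = EXPECTED_RPID) -> Tuple[bool, str]:
    """Return (ok, reason) for the origin / rpId checks of a WebAuthn assertion."""
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client_data.get("type") != "webauthn.get":
        return False, "clientDataJSON.type is not webauthn.get"
    # Origin is an exact string match (scheme, host, port); subdomains do not match.
    if client_data.get("origin") != expected_origin:
        return False, "origin mismatch: %r" % client_data.get("origin")
    # authenticatorData = rpIdHash(32) || flags(1) || signCount(4) || optional data
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    expected_hash = hashlib.sha256(expected_rpid.encode("utf-8")).digest()
    if not hmac.compare_digest(authenticator_data[:32], expected_hash):
        return False, "rpIdHash does not match expected rpId"
    if not authenticator_data[32] & 0x01:  # UP (user present) flag
        return False, "user presence flag not set"
    return True, "ok"


def make_authenticator_data(rpid: str, flags: int = 0x01, sign_count: int = 1) -> bytes:
    """Constructed sample authenticatorData with no extension data."""
    rp_id_hash = hashlib.sha256(rpid.encode("utf-8")).digest()
    return rp_id_hash + bytes([flags]) + struct.pack(">I", sign_count)


def make_client_data(origin: str, challenge: str = "c29tZS1jaGFsbGVuZ2U") -> bytes:
    """Constructed sample clientDataJSON for an assertion."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge,
                       "origin": origin}).encode("utf-8")


if __name__ == "__main__":
    print(verify_origin_and_rpid(make_client_data(EXPECTED_ORIGIN),
                                 make_authenticator_data(EXPECTED_RPID)))
    print(verify_origin_and_rpid(make_client_data("https://login.rp.example.com"),
                                 make_authenticator_data(EXPECTED_RPID)))
```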

BUG-72

Fix bug in manageSKFSCreds.sh for addUserToGroup and removeUserFromGroup operations

The manageSKFSCreds.sh script had errors related to the groups variable being set to the wrong script parameter in the above-mentioned operations. The script now correctly parses arguments for these two operations. Additionally, manageSKFSCreds.sh has been reworked for better option handling and general readability, and the getUsers and getGroups operations have been added. More details on the script's usage can be found here.