What is StrongKey Sign-On (SKSO)?

StrongKey Sign-On (SKSO) is a purpose-built web application designed to support the management of FIDO credentials with StrongKey FIDO Server (SKFS), as well as enable single sign-on (SSO) to Citrix Application Delivery Controller (ADC) and Citrix Gateway using Security Assertion Markup Language (SAML) Assertions.

SKFS is an open-source, enterprise-grade FIDO® Certified Server to enable phishing-resistant passwordless authentication for web and mobile applications. It functions as an identity provider (IDP) within SSO environments using either SAML and/or JWT tokens for authorizing strongly authenticated users to protected resources.

Combined, SKFS + SKSO eliminate passwords for Citrix/SAML environments delivering NIST Authentication Assurance Level (AAL) 3 authentication (NIST Special Publication 800-63 Digital Identity Guidelines) when used with appropriate hardware Authenticators without the need for Authenticator Apps.

FEATURES

Some features of SKSO + SKFS include, but are not limited to:

• Out-of-the-box integration with Citrix Application Delivery Controller (ADC) and Citrix Gateway
• Works with any FIDO Authenticator
• Built-in Single Sign-On (SSO) with SAML and JWT tokens, eliminating the need for a third-party SSO service or software.
• The highest authentication assurance when used with the appropriate FIDO Authenticator: Authentication Assurance Level-3 (AAL-3) compliance.
• Policy module for enforcing security policy outside web/mobile applications.
• FIPS 140-2 Level-2 (standard) or Level-3 (optional) cryptographic hardware modules to protect SKFS from side-channel attacks.
• Easy integration for web/mobile applications via REST or SOAP web services – with sample code to make it easier.
• Enterprise ready: High Availability/Disaster Recovery built in via clustered architecture at no additional cost.
• Integration with LDAP or Active Directory.
• Integration with PKI.