SKSO General Properties

JWT Properties

SAML Properties

LDAP Properties

 

StrongKey SignOn Properties

Property

skso.cfg.property.apiuri

Explanation

This property defines where the StrongKey FIDO Server (SKFS) is reachable by SKSO on the network. Set it to the URL of the machine where SKFS is installed, using that machine's FQDN.

Default Value

https://localhost:8181

Property

skso.cfg.property.rpid

Explanation

This property should be set to the Relying Party ID (RPID) of the StrongKey Tellaro Appliance. It defines the top-level domain + 1 (TLD+1) that applies to all FIDO registrations and authentications; any other RPID detected during the authentication process is deemed invalid by the FIDO Authenticator (also known as a Security Key).

Default Value

strongkey.com

Property

skso.cfg.property.did

Explanation

StrongKey Tellaro Appliances operate with distinct "cryptographic domains", each of which encapsulates its own policies, keys and encrypted data. This property identifies the cryptographic domain that SKSO uses. At least one cryptographic domain is required, but customers can create as many as they need.

Default Value

1

Property

skso.cfg.property.authtype

Explanation

This property identifies the type of authentication that SKSO uses.

Default Value

PASSWORD

Property

skso.cfg.property.svcusername

Explanation

This is the username used for PASSWORD-based Authorization for skfsclient. Skfsclient operations are performed by a normal FIDO user. These operations include registration, authentication, authorization, getting key information, updating key information, and deleting keys.

 

Please refer to the section "Administration Section under SKFS" for how to use the sample skfsclient.

Default Value

svcfidouser

Property

skso.cfg.property.svcpassword

Explanation

This is the password used for PASSWORD-based Authorization for skfsclient.

Default Value

Abcd1234!

Property

skso.cfg.property.skfs.adminusername

Explanation

This is the username used for PASSWORD-based Authorization for skfsadminclient. skfsadminclient operations are performed by an administrative FIDO user. These operations include pinging the SKFS, policy management (get, create, patch, and delete), setting configurations (get, update, and delete), getting keys of multiple users simultaneously, and updating usernames.

Default Value

fidoadminuser

Property

skso.cfg.property.skfs.adminpassword

Explanation

This is the password used for PASSWORD-based Authorization for skfsadminclient.

Default Value

Abcd1234!

Property

skso.cfg.property.configlocation

Explanation

This property allows you to configure the path for the SKSO configuration properties file.

Default Value

/usr/local/strongauth/skso/etc/skso-configuration.properties

Property

skso.cfg.property.custommessageslocation

Explanation

This property sets the location of the messages file, so that the pre-set messages can easily be replaced with custom ones. Please refer to the section "SKSO messages" for the list of messages used by SKSO.

Default Value

/usr/local/strongauth/skso/etc/skso-messages.properties

Property

skso.cfg.property.wsprotocol

Explanation

Protocol to communicate with StrongKey Tellaro Appliance.

Default Value

REST

Property

skso.cfg.property.custom.abstract.image.use

Explanation

This property determines whether SKSO will use the custom Abstract image.

Default Value

false

Property

skso.cfg.property.custom.abstract.image.location

Explanation

Location of the custom abstract image on the file system of the machine/VM where SKSO is deployed. Acceptable image formats: JPG, JPEG, PNG.

Default Value

/usr/local/strongauth/skso/abstract.png

Property

skso.cfg.property.custom.logo.image.use

Explanation

This property determines whether SKSO will use the custom Logo image. Acceptable values: true, false.

Default Value

false

Property

skso.cfg.property.custom.logo.image.location

Explanation

This property determines the location of the custom Logo image on the file system of the machine/VM where SKSO is deployed. Acceptable image formats: JPG, JPEG, PNG.

Default Value

/usr/local/strongauth/skso/logo.jpeg

Property

skso.cfg.property.pkix.clientauth

Explanation

This property determines whether TLS Client Authentication should be performed.

Default Value

false

Property

skso.cfg.property.pkix.truststore.location

Explanation

This property determines the location for the truststore for PKIX validation.

Default Value

/usr/local/strongauth/skso/etc/skso-truststore.bcfks

Property

skso.cfg.property.pkix.truststore.password

Explanation

This property determines the password for the truststore for PKIX validation.

Default Value

changeit

 

JWT Properties

Property

skso.cfg.property.jwttruststorelocation

Explanation

This property configures the path of the truststore that holds the credential used for signing JSON Web Tokens (JWT) for session management.

Default Value

/usr/local/strongauth/skfs/keystores/ssosigningtruststore.bcfks

Property

skso.cfg.property.jwtpassword

Explanation

This is the password used to authenticate to the keystore holding the credential that signs JSON Web Tokens (JWT) for session management.

Default Value

Abcd1234!

Property

skso.cfg.property.jwtverificationips

Explanation

This property allows one to configure the IP addresses of the SKSO VM instances that are part of the cluster.

If there are multiple SKSO VM Instances in a cluster, specify the IP addresses of these machines separated by a comma with no spaces. Example: 10.0.1.1,10.0.2.2,10.0.2.3

Default Value

localhost
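As an added example (not code from StrongKey or from this documentation), a small Python audit that reads an skso-configuration.properties file and flags the settings above that most often go wrong: a non-HTTPS apiuri, passwords left at the documented defaults, a jwtverificationips list with spaces or non-IP entries, TLS client authentication enabled without a truststore location, and a custom image in an unsupported format. It assumes a plain key=value file (no line continuations or escapes) and uses the property names from this page; the sample properties are constructed.

```python
import ipaddress
DOCUMENTED_DEFAULT_SECRETS = {"Abcd1234!", "changeit"}  # defaults listed on this page

def parse_properties(text: str) -> dict:
    """Minimal reader for Java-style key=value properties (# or ! starts a comment)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props
def audit(props: dict) -> list:
    """Return findings for the security-relevant settings documented on this page."""
    findings = []
    if not props.get("skso.cfg.property.apiuri", "").startswith("https://"):
        findings.append("apiuri must be an https:// URL pointing at SKFS")
    for key, value in props.items():
        if "password" in key and value in DOCUMENTED_DEFAULT_SECRETS:
            findings.append(f"{key} still uses the documented default value")
    # jwtverificationips: comma-separated IPs with no spaces; localhost is the default
    for ip in props.get("skso.cfg.property.jwtverificationips", "localhost").split(","):
        if ip == "localhost":
            continue
        try:
            ipaddress.ip_address(ip)
        except ValueError:  # a space after the comma ends up here
            findings.append(f"jwtverificationips entry {ip!r} is not an IP address")
    if props.get("skso.cfg.property.pkix.clientauth") == "true" and \
            not props.get("skso.cfg.property.pkix.truststore.location"):
        findings.append("pkix.clientauth=true requires pkix.truststore.location")
    for kind in ("abstract", "logo"):
        loc = props.get(f"skso.cfg.property.custom.{kind}.image.location", "")
        if props.get(f"skso.cfg.property.custom.{kind}.image.use") == "true" \
                and not loc.lower().endswith((".jpg", ".jpeg", ".png")):
            findings.append(f"custom {kind} image must be JPG, JPEG or PNG")
    return findings

# Constructed sample, not a shipped skso-configuration.properties file.
SAMPLE_PROPERTIES = """\
skso.cfg.property.apiuri=http://skfs.example.internal:8181
skso.cfg.property.svcpassword=Abcd1234!
skso.cfg.property.pkix.clientauth=true
skso.cfg.property.pkix.truststore.password=changeit
skso.cfg.property.jwtverificationips=10.0.1.1, 10.0.2.2
skso.cfg.property.custom.logo.image.use=true
skso.cfg.property.custom.logo.image.location=/usr/local/strongauth/skso/logo.gif
"""
```

Running audit(parse_properties(SAMPLE_PROPERTIES)) on the constructed sample yields six findings, one per deliberate mistake.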

 

SAML Properties

Property

skso.cfg.property.citrix.integration

Explanation

This property enables or disables the Citrix integration for SKSO.

Default Value

false

Property

skso.cfg.property.saml.binding

Explanation

This property configures the SAML binding that SKSO uses.

Default Value

POST

Property

skso.cfg.property.saml.requester

Explanation

This property defines the URL of the Resource Provider in a SAML configuration, which relies on SKSO to provide a SAML Assertion after authenticating the user. For instance, when SKSO is integrated with Citrix Gateway, this URL is the destination to which users are redirected in two cases: when they reach the SKSO application without a SAML request (so that Citrix Gateway can send them back to SKSO with a SAML AuthnRequest), and after they have authenticated with FIDO and are returned to Citrix Gateway with a SAML Assertion.

 

NOTE: If this property is changed after SKSO has started operating, please refer to this link.

Default Value

https://demo.example.com/

Property

skso.cfg.property.fido.allow.new.registration

Explanation

This property controls whether new users may be registered through SKSO.

Default Value

true

 

LDAP Properties

Property

skso.cfg.property.ldap.search

Explanation

This property configures whether SKSO searches the AD/LDAP directory to verify that a user is authorized to register FIDO credentials with the FIDO Server.

Default Value

false

Property

skso.cfg.property.directory.service.type

Explanation

This property configures the type of LDAP directory. Acceptable values: AD, LDAP.

Default Value

LDAP

Property

skso.cfg.property.directory.service.searchkey

Explanation

This property customizes the search key (attribute) used to look up the user in the LDAP directory, for example "userPrincipalName" in AD or "cn" in OpenLDAP.

Default Value

cn

Property

skso.cfg.property.service.ce.ldap.search.registerOkKey

Explanation

This property allows one to configure the attribute name set in AD/LDAP directory to verify if a user is allowed to create FIDO credentials. 

Default Value

registerok

Property

skso.cfg.property.service.ce.ldap.search.ldapurl

Explanation

This property defines where the Active Directory/LDAP instance can be found to determine if a user is authorized to register a FIDO credential with SKSO.

Default Value

ldap://localhost:389

Property

skso.cfg.property.service.ce.ldap.search.ldapbasedn

Explanation

This property configures the Base DN at which LDAP searches for objects begin within the LDAP directory.

Default Value

dc=strongauth,dc=com

Property

skso.cfg.property.service.ce.ldap.search.ldapbasedn.password

Explanation

This property configures the password used to authenticate to the Active Directory/LDAP instance.

Default Value

Abcd1234!
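The directory lookup that the LDAP properties above drive, as an added Python example that is not SKSO's own code: it builds the (searchkey=username) filter with RFC 4515 escaping, evaluates it against a constructed in-memory directory standing in for ldap://localhost:389 under dc=strongauth,dc=com, and allows a registration only when exactly one entry matches and its registerOkKey attribute is "true". The filter evaluator handles equality filters only; the entries and the wildcard semantics are simplified stand-ins for a real server.

```python
import re
# RFC 4515 escaping for values embedded in an LDAP search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_search_filter(searchkey: str, username: str) -> str:
    """Equality filter for the configured searchkey, e.g. (cn=alice)."""
    return f"({searchkey}={escape_filter_value(username)})"

def _value_to_regex(raw: str) -> re.Pattern:
    """An unescaped '*' is a wildcard; a '\\xx' escape is the literal character."""
    out = []
    for part in re.split(r"(\\[0-9a-fA-F]{2}|\*)", raw):
        if part == "*":
            out.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", part):
            out.append(re.escape(chr(int(part[1:], 16))))
        else:
            out.append(re.escape(part))
    return re.compile("".join(out), re.IGNORECASE)
def match_equality_filter(filt: str, entry: dict) -> bool:
    """Evaluate a single (attr=value) filter against one directory entry."""
    m = re.fullmatch(r"\(([\w.-]+)=(.*)\)", filt)
    if not m:
        raise ValueError(f"only (attr=value) filters are supported: {filt}")
    pattern = _value_to_regex(m.group(2))
    return any(pattern.fullmatch(v) for v in entry.get(m.group(1), []))
# Constructed entries standing in for ldap://localhost:389 under dc=strongauth,dc=com.
SAMPLE_DIRECTORY = [
    {"dn": "cn=alice,ou=people,dc=strongauth,dc=com", "cn": ["alice"], "registerok": ["true"]},
    {"dn": "cn=bob,ou=people,dc=strongauth,dc=com", "cn": ["bob"], "registerok": ["false"]},
    {"dn": "cn=carol,ou=people,dc=strongauth,dc=com", "cn": ["carol"]},
]
def registration_allowed(cfg: dict, username: str, directory=SAMPLE_DIRECTORY) -> bool:
    """Allow a FIDO registration only if exactly one entry under the base DN matches the
    searchkey filter and its registerOkKey attribute is 'true'; ldap.search=false skips it."""
    if cfg.get("skso.cfg.property.ldap.search", "false").lower() != "true":
        return True
    filt = build_search_filter(cfg["skso.cfg.property.directory.service.searchkey"], username)
    base = cfg["skso.cfg.property.service.ce.ldap.search.ldapbasedn"].lower()
    ok_key = cfg["skso.cfg.property.service.ce.ldap.search.registerOkKey"]
    hits = [e for e in directory
            if e["dn"].lower().endswith(base) and match_equality_filter(filt, e)]
    if len(hits) != 1:
        return False  # unknown or ambiguous user: deny
    return hits[0].get(ok_key, [""])[0].lower() == "true"
```

Because the username is escaped before it enters the filter, a value such as "*" is looked up literally and matches nobody, whereas the raw filter (cn=*) would match every entry.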