Product Documentation

FIDO is one of the most innovative authentication technologies the industry has created in the last three decades. FIDO solutions balance simpler user experiences with the "highest assurance" authentication protocols at a lower cost.

StrongKey’s open source FIDO Certified® passwordless authentication solution (SKFS) enables single sign-on without the need for an external SSO platform, significantly reducing cost and improving manageability.

The StrongKey Sign-On (SKSO) solution is designed for businesses of all sizes that want to migrate away from less secure SSO implementations that use multi-factor authentication (MFA) and one-time passwords (OTPs) that are vulnerable to phishing attacks and credential theft. Some of the advantages of SKSO include:

    • Built-in Single Sign-on (SSO).
    • Java library for web application verification of a JSON Web Token (JWT) using a JSON Web Signature (JWS) signed with X.509 certificate-based keys.
    • Security Policy Module that permits a relying party (RP) to define and update FIDO security policies without re-coding.

 

GENERAL ARCHITECTURE

 

When a user tries to access the application, the user is redirected to SKSO for FIDO authentication. The StrongKey FIDO Server supports built-in SSO capabilities and creates a SAML assertion upon successful FIDO authentication of the user. SKSO then returns the SAML token to the application.

The entire responsibility for authenticating the user and generating the SAML token lies with SKFS. This not only eliminates the burden on the application, but also any potential vulnerability gaps that might arise between the two operations.