
Unable to define multiple policies

Open adityarao1 opened this issue 3 years ago • 4 comments

I am creating two applications, Android and iOS, for FIDO authentication. For this I have created two policies:

  1. Minimal (Any Hardware Authenticator) and
  2. Restricted (Apple PassKey)

When I am calling the StrongKey server for FIDO registration, it is always taking the 2nd policy. Are there any configuration level changes I have to do to make it work? Please suggest.

adityarao1 • Jan 30 '23 08:01

Hi @adityarao1,

StrongKey FIDO Server (SKFS) manages the security policies with its Policy Module (PM), and if you are doing a default install, SKFS-PM creates eight different domains for SKFS with different policies.

Each cryptographic domain (did) can only have one policy being enforced at a time, so if you did add the two policies to the same domain, SKFS will most likely use the latest policy that was added.

Did you add two policies to the same domain?

If you do want to use two different policies, they have to be in two different domains. Once you have it set up with two domains, you can specify the right domain in the web service calls.

https://docs.strongkey.com/index.php/skfs-home/skfs-sample-code/skfs-api/skfs-rest/skfs-rest-preregister/skfs-rest-preregister-request

You can also look at the logs in the server.log in /usr/local/strongkey/payara5/glassfish/domains/domain1/logs folder or type in aslg and it will take you to the directory of your SKFS logs.

If you do want to use both your applications against the same domain then you will have to come up with a single policy that will be acceptable for both the applications.

You can always get and update the policy for any domain using the following links:

https://docs.strongkey.com/index.php/skfs-home/skfs-how-to/skfs-policy-questions/get-policy

https://docs.strongkey.com/index.php/skfs-home/skfs-how-to/skfs-policy-questions/update-policy

mansibudhiraja • Jan 31 '23 21:01

@mansibudhiraja thanks, I got it working. But I want to add more domains. What steps do I have to follow to do the same?

adityarao1 • Feb 01 '23 10:02

Hi @adityarao1,

We are in the process of updating the document on how to create and add a new domain, and we will send you a link tomorrow as soon as it's up.

mansibudhiraja • Feb 03 '23 01:02

Hi @adityarao1,

Our document is updated and here are the steps for you to create a new domain.

https://docs.strongkey.com/index.php/skfs-home/skfs-how-to/skfs-operations/create-a-new-domain

PS: Our supporters are encouraged to get SKFS, its updates and support at SourceForge.

push2085 • Feb 04 '23 00:02