Unable to define multiple policies

[adityarao1]

I am creating two applications- android and IOS for fido authentication.
For this I have created two policies-

1. Minimal (Any Hardware Authenticator) and
2. Restricted (Apple PassKey)
   When I am calling the strong-key server for fido registration, it is always taking the 2nd policy.
   Are there any configuration level changes I have to do to make it work?
   Please suggest.

[mansibudhiraja]

Hi @adityarao1,

StrongKey FIDO Server (SKFS) manages the security policies with its Policy Module(PM) and if you are doing a default install, SKFS-PM creates eight different domains for SKFS with different policies.

Each cryptographic domain(did) can only have one policy being enforced at a time, so if you did add the two policies to the same domain, SKFS will most likely use the latest policy that was added.

Did you add two policies to the same domain?

If you do want to use two different policies, they have to be in two different domains. Once you have it set up with two domains, you can specify the right domain in the web service calls.

https://docs.strongkey.com/index.php/skfs-home/skfs-sample-code/skfs-api/skfs-rest/skfs-rest-preregister/skfs-rest-preregister-request

You can also look at the logs in the server.log in /usr/local/strongkey/payara5/glassfish/domains/domain1/logs folder or type in aslg and it will take you to the directory of your SKFS logs.

If you do want to use both your applications against the same domain then you will have to come up with a single policy that will be acceptable for both the applications.

You can always get and update the policy for any domain using the following links:
https://docs.strongkey.com/index.php/skfs-home/skfs-how-to/skfs-policy-questions/get-policy
https://docs.strongkey.com/index.php/skfs-home/skfs-how-to/skfs-policy-questions/update-policy

[adityarao1]

@mansibudhiraja thanks, i got it working. But i want to add more domains. What steps I have to follow to do the same?

[mansibudhiraja]

Hi @adityarao1,

We are in the process of updating the document on how to create and add a new domain and we will send you a link tomorrow as soon as its up.

[push2085]

Hi @adityarao1,
Our document is updated and here are the steps for you to create a new domain.
https://docs.strongkey.com/index.php/skfs-home/skfs-how-to/skfs-operations/create-a-new-domain

PS: Our supporters are encouraged to get SKFS, its updates and support at SourceForge.