Setting the correct RPID in the API server's settings

What to do if you see this error: "The relying party ID is not a registerable domain suffix of, nor equal to the current domain."

When you set up the SurePassID API server for FIDO2, the relying party ID in the server's configuration settings (appsettings.json) must match the browser's origin, and the match is case-sensitive. This check is enforced by the FIDO2 (WebAuthn) client, which operates in browsers, mobile phones, and workstations as part of the operating system. For instance, if the relying party ID is configured as Surepassid.com and the browser's origin is https://surepassid.com, the error quoted above will occur.

[Screenshot of the error message]

If the relying party ID is configured as surepassid.com and the browser's origin is https://surepassid.com, then you will not receive this error.

Here are a few more examples to consider:

If the relying party ID is set as surepassid.com and the origin is https://myfido.com, this error will occur.

If the relying party ID is myco.com, the origin can be https://myco.com, https://www.myco.com, or any subdomain such as https://anything.myco.com.

If the relying party ID is mfa.myco.com, then the origin can only be https://mfa.myco.com or any subdomain like https://anything.mfa.myco.com.
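The matching rules in the examples above can be checked before deployment with a short script. This is an added example, not SurePassID code: `checkRpId` is a hypothetical helper, and it does not carry a public suffix list, so it will not flag a relying party ID such as a bare top-level domain, which WebAuthn clients also reject.

```javascript
// Added example: mirrors the relying party ID matching described on this page.
// checkRpId is an illustrative name, not part of any SurePassID or browser API.
function checkRpId(rpId, origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return { ok: false, reason: "origin is not a valid URL" };
  }
  // URL parsing lowercases the host, so the origin side is always lowercase.
  const host = url.hostname;

  // Exact match: the configured value is compared as typed (case-sensitive).
  if (host === rpId) {
    return { ok: true, reason: "RP ID equals the origin host" };
  }
  // Suffix match must fall on a label boundary, so "myco.com" matches
  // "www.myco.com" but not "notmyco.com".
  if (rpId.length > 0 && host.endsWith("." + rpId)) {
    return { ok: true, reason: "origin is a subdomain of the RP ID" };
  }
  // Give a specific hint for the most common misconfiguration on this page.
  if (rpId.toLowerCase() === host || host.endsWith("." + rpId.toLowerCase())) {
    return { ok: false, reason: "case mismatch: write the RP ID in lowercase" };
  }
  return { ok: false, reason: `"${rpId}" is not a domain suffix of "${host}"` };
}

// The page's own examples, plus one label-boundary case constructed here.
const samples = [
  ["Surepassid.com", "https://surepassid.com"],
  ["surepassid.com", "https://surepassid.com"],
  ["surepassid.com", "https://myfido.com"],
  ["myco.com", "https://anything.myco.com"],
  ["mfa.myco.com", "https://www.myco.com"],
  ["myco.com", "https://notmyco.com"], // constructed sample
];

for (const [rpId, origin] of samples) {
  const r = checkRpId(rpId, origin);
  console.log(`${r.ok ? "OK  " : "FAIL"} rpId=${rpId} origin=${origin} (${r.reason})`);
}
```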