VACMAN Middleware Getting Started - Vasco
VACMAN Middleware Getting Started - Vasco
VACMAN Middleware Getting Started - Vasco
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>VACMAN</strong> <strong>Middleware</strong> <strong>Getting</strong> <strong>Started</strong> Test Back-End Authentication<br />
4.3.1 Local and Back-End Authentication<br />
Local and back-end authentication means that both the Authentication Server and the RADIUS<br />
Server will authenticate a login. This allows RADIUS reply attributes to be retrieved from the<br />
RADIUS Server.<br />
In this scenario, it is normal to use the Password Autolearn and Stored Password Proxy<br />
features. With these features enabled, the Authentication Server will learn the user's RADIUS<br />
Server password, so that the user does not need to log in with both their password and<br />
Digipass One Time Password at each login. However, the first time that the user logs in, they<br />
will need to provide their RADIUS Server password so that the Authentication Server can learn<br />
it. In subsequent logins, they can just log in with their One Time Password and the<br />
Authentication Server will send the stored password to the RADIUS Server.<br />
The recommended Policy settings for Local and Back-End Authentication tests are:<br />
Local Auth. should be set to Digipass/Password.<br />
Back-End Auth. should be set to Always.<br />
Back-End Protocol must be set to RADIUS.<br />
Password Autolearn should be set to Yes.<br />
Stored Password Proxy should be set to Yes.<br />
4.3.2 Create Back-End Server Record<br />
The Authentication Server must be instructed where to find the RADIUS Server. Create a Back-<br />
End Server record as follows:<br />
1. Open the Administration MMC Interface.<br />
2. Click on the Back-End Servers node.<br />
The Back-End Servers list will be displayed in the Result pane.<br />
3. Right-click on the Back-End Servers node and select the New Back-End Server<br />
menu option.<br />
The New Back-End Server dialog will be displayed.<br />
4. Enter a display name for the Back-End Server in the Back-End Server ID field.<br />
5. Select RADIUS for the Protocol.<br />
6. Enter the Authentication and Accounting IP Address and Port values.<br />
7. Enter the Shared Secret that was configured in the RADIUS Client record in the<br />
RADIUS Server for <strong>VACMAN</strong> <strong>Middleware</strong>.<br />
8. Enter a suitable Timeout and No. of Retries.<br />
9. Click OK to create the record.<br />
10. If Active Directory is used as the data store, stop and start the Digipass Authentication<br />
Server service.<br />
© 2006 VASCO Data Security Inc. 20