DIGIPASS Authentication for TAM - Vasco
DIGIPASS Authentication for TAM - Vasco
DIGIPASS Authentication for TAM - Vasco
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
12 <strong>DIGIPASS</strong> <strong>Authentication</strong> <strong>for</strong> <strong>TAM</strong><br />
<strong>DIGIPASS</strong> <strong>Authentication</strong> <strong>for</strong> <strong>TAM</strong><br />
The DPX file is delivered by VASCO together with the tokens. It contains all the token<br />
related in<strong>for</strong>mation that goes into the LDAP server. The second file contains an entry <strong>for</strong><br />
each existing <strong>TAM</strong> user that needs a new or updated token. The tool basically generates<br />
the <strong>DIGIPASS</strong> subentry as shown above.<br />
5.5 THE <strong>DIGIPASS</strong> CDAS PROCESS<br />
The <strong>DIGIPASS</strong> CDAS is fully in line with the CDAS specification as listed in the WebSEAL<br />
Developers Reference guide. This means that it supports the following functions:<br />
xauthn_initialize()<br />
xauthn_shutdown()<br />
xauthn_authenticate()<br />
xauthn_change_password()<br />
Although the <strong>DIGIPASS</strong> CDAS can be used where step-up authentication is needed, it<br />
should be noted that in some cases the selection of the authentication mechanism is not<br />
necessarily controlled by the required authentication levels but merely by the fact that a<br />
user possesses a token or not. In such a case the <strong>DIGIPASS</strong> CDAS can be configured to<br />
support both username/password and one-time password. This is controlled by setting<br />
the LDAP attribute employeeType, as shown by the following screen dump.