DIGIPASS Authentication for TAM - Vasco

8 DIGIPASS Authentication for TAM
DIGIPASS Authentication for TAM
4 TAM and DIGIPASS
Authentication
This section describes the integration of Access Manager WebSEAL with VASCO DIGIPASS
tokens. This paper only contains a high level overview of the architecture and
functionality. For more details we refer to the DIGIPASS CDAS Installation and
Administration Guide.
From a user’s perspective “User ID/pin code” authentication is very similar to
username/password authentication. For this reasons it was decided to build the
DIGIPASS CDAS as a username/password CDAS where the username would hold the
user ID associated with the token and the password would reflect the one-time password
(dynamic or static + dynamic).
The following figure illustrates the architecture of the solution.
1. The user retrieves his pincode from the token and enters it together with his
user ID into the username/password login form of WebSEAL
2. WebSEAL forwards the authentication information to the DIGIPASS CDAS
3. The CDAS fetches the corresponding token information from the TAM LDAP
directory and verifies the authentication information
4. The CDAS write the updated token information into the TAM LDAP directory
5. The CDAS module passes the verified identity back to WebSEAL (or an
authentication failure message)
6. WebSEAL builds a valid internal credential for the user
This illustrates the basic process flow of DIGIPASS authentication as carried out by the
custom CDAS. There are however a couple of points that need more attention.