DIGIPASS Authentication for TAM - Vasco
4 TAM and DIGIPASS Authentication
This section describes the integration of Access Manager WebSEAL with VASCO DIGIPASS
tokens. This paper contains only a high-level overview of the architecture and
functionality. For more details, refer to the DIGIPASS CDAS Installation and
Administration Guide.
From a user’s perspective, “User ID/PIN code” authentication is very similar to
username/password authentication. For this reason it was decided to build the
DIGIPASS CDAS as a username/password CDAS, where the username holds the
user ID associated with the token and the password reflects the one-time password
(dynamic or static + dynamic).
The following figure illustrates the architecture of the solution.<br />
1. The user retrieves his PIN code from the token and enters it together with his user ID into the username/password login form of WebSEAL
2. WebSEAL forwards the authentication information to the DIGIPASS CDAS
3. The CDAS fetches the corresponding token information from the TAM LDAP directory and verifies the authentication information
4. The CDAS writes the updated token information into the TAM LDAP directory
5. The CDAS module passes the verified identity back to WebSEAL (or an authentication failure message)
6. WebSEAL builds a valid internal credential for the user
This illustrates the basic process flow of DIGIPASS authentication as carried out by the
custom CDAS. There are, however, a couple of points that need more attention.
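
Steps 2 to 5 of the flow above, modelled as an added example (not code from VASCO, IBM or the original paper): an in-memory dict stands in for the TAM LDAP directory, and RFC 4226 HOTP stands in for the DIGIPASS algorithm, which this page does not describe. It shows why the write-back in step 4 is what makes a captured password unusable a second time. The record fields, the static-PIN-then-OTP ordering, `OTP_DIGITS` and `WINDOW` are assumptions.

```python
import hashlib
import hmac
import struct

OTP_DIGITS = 6   # assumed length of the dynamic part of the password
WINDOW = 3       # assumed look-ahead for tokens that ran ahead of the server


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP, used here as a stand-in for the token's OTP algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def cdas_authenticate(directory: dict, user_id: str, password: str):
    """Return the verified identity, or None for an authentication failure."""
    entry = directory.get(user_id)                 # step 3: fetch token record
    if entry is None or len(password) <= OTP_DIGITS:
        return None
    static_pin, otp = password[:-OTP_DIGITS], password[-OTP_DIGITS:]
    pin_ok = hmac.compare_digest(static_pin.encode(), entry["pin"].encode())
    matched = None
    for step in range(WINDOW):                     # check the whole window
        candidate = hotp(entry["secret"], entry["counter"] + step)
        if hmac.compare_digest(candidate.encode(), otp.encode()):
            matched = entry["counter"] + step
    if not pin_ok or matched is None:
        return None                                # step 5: failure to WebSEAL
    entry["counter"] = matched + 1                 # step 4: write back new state
    return user_id                                 # step 5: verified identity


def demo() -> list:
    # Constructed sample record; the dict stands in for the TAM LDAP directory.
    secret = b"12345678901234567890"
    directory = {"alice": {"secret": secret, "pin": "4321", "counter": 0}}
    login = "4321" + hotp(secret, 0)
    return [
        cdas_authenticate(directory, "alice", login),   # first use succeeds
        cdas_authenticate(directory, "alice", login),   # replay is rejected
        cdas_authenticate(directory, "alice", "0000" + hotp(secret, 1)),  # bad PIN
        directory["alice"]["counter"],                  # advanced exactly once
    ]


if __name__ == "__main__":
    print(demo())
```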