Troubleshooting DIGIPASS Authentication for Windows Logon (DAWL) Off-line data uploading.
|
|
- Alannah Bond
- 5 years ago
- Views:
Transcription
1 KB Troubleshooting DIGIPASS Authentication for Windows Logon (DAWL) Off-line data uploading. Creation date: 21/11/2013 Last Review: 4/12/2014 Revision number: 2 Document type: Documentation Security status: EXTERNAL Summary Several Problems and conditions can prevent the correct uploading of Off-line Data from IDENTIKEY Server to the DAWL Client. This KB will explain the most common problems and possible solutions. Problem details. These are the conditions for IDENTIKEY Server to send Off-line data: IDENTIKEY Server must receive an authentication request from a DAWL client and The policy connected to the DAWL client must have Offline Auth Enabled : [Yes] and The user must have a DIGIPASS assigned and There must be valid Back-end authentication performed. When these conditions are met; IDENTIKEY Server will send the off-line data to the DAWL client. The data must be received correctly. Time-out on the connection is also a possible problem. If you enable the full trace file of IDENTIKEY Server you can verify if the first condition is met: Identikey must receive an authentication request from a DAWL client If you do not see the request in the trace file, then there may be a configuration problem on the DAWL client, or a network problem can be preventing the communication. Page 1 of 8
2 Depending on the settings in the DAWL Client (with or without DNS lookup see the screen shots above) you need to verify the IP address of the IDENTIKEY Server and/or the DNS record. Also verify if there are (personal) firewalls or malware preventing the use of the SEAL port (20004). If the request is entering the trace file, you can start looking for the other conditions that needs to be met: [2012/11/22 09:59: UTC][02932][MAJOR][0x ][ssl_accept] > No CA certificate store provided. [2012/11/22 09:59: UTC][02932][DEBUG][0x ][ssl_accept] > Applying setting: SSL_VERIFY_NONE [2012/11/22 09:59: UTC][02932][DEBUG][0x ][ssl_accept] > Applying setting: ~SSL_VERIFY_CLIENT_ONCE [2012/11/22 09:59: UTC][02932][RESRC][0x ][CListenSocket::accept] > Accepted connection <4> on < : 20004> from < : 58312> Here the connection is coming in [2012/11/22 09:59: UTC][02932][INFO ][0x ][SealFrontEndHandler::handleMessage] > Test socket <4> [2012/11/22 09:59: UTC][02932][INFO ][0x ][SealFrontEndHandler::handleMessage] > Test socket <4> [2012/11/22 09:59: UTC][02608][VINFO][0x000000B5][SealServer::receive] > Message received from < : 58312> size <47> bytes.. [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][ComponentLoader::fetchComponent] > Existing Component record [Identikey Server: ] returned from Component Cache [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][ComponentCheckUtils::checkServerComponent] > Scenario field <WindowsLogon> was successfully located in license. [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][ComponentCheckUtils::checkServerComponent] > Server component and license check succeeded [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][ComponentLoader::fetchComponent] > Existing Component record [Identikey Windows Logon Client:w7dawl.vdsi.local] returned from Component Cache In this case the client already existed [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][ComponentCheckUtils::checkClientComponent] > Client component check succeeded [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][ComponentCheckUtils::checkClientComponent] > Client license check succeeded [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][AuthenticateRequest::execute] > Processing user authentication request... [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][AuthenticateRequest::execute] > Fast authentication is <false> [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][AuthenticateRequest::execute] > Password format is [Cleartext combined] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > *** Effective Policy Settings *** [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Policy ID : [mytest] Policy usedby the client [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Parent Policy ID : [Windows Page 2 of 8
3 Logon Online and Offline Auth - Windows Back-End] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > DUR : [Yes] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Autolearn : [Yes] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Stored Pwd Proxy : [Yes] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Assignment Mode : [Neither] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Assign Search Up OU Path : [No] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Grace Period : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Application Names : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Application Type : [No Restriction] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Digipass Types : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Local Authentication : [Digipass/Password] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > BackEnd Authentication : [Always] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > BackEnd Protocol ID : [Windows] Back-end is configured [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Default Domain : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Group List : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Group Check Mode : [No Check] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > User Lock Threshold : [3] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > One-Step Chall/Response : [No] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > One-Step CR Chall Length : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > One-Step CR Check Digit : [1] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Backup VDP Enabled : [No] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Backup VDP Maximum Days : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Backup VDP Max Uses : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Pin Change Allowed : [Yes] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Self-Assign Separator : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Challenge Request Method : [Keyword] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Challenge Request Keyword : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Primary VDP Rqst Method : [Password] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Primary VDP Rqst Keyword : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Backup VDP Rqst Method : [KeywordPassword] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Backup VDP Rqst Keyword : [otp] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > ITimeWindow : [20] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > STimeWindow : [20] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > EventWindow : [20] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > SyncWindow : [6] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > IThreshold : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > SThreshold : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Check Challenge : [1] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > OnlineSG : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Check Inactive Days : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Offline Auth Enabled : [Yes] Offline authentication is enabled [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Offline Time Interval : [2] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Offline Max Events : [300] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > DCR : [Yes] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Chg Win Pwd Enabled : [No] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Chg Win Pwd Length : [16] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Client Group List : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Client Group Mode : [No Check] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > 2OTP Sync Enabled : [No] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > VDP Delivery Method : [SMS] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Reply Radius Attribute Enabled : [No] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Radius Attribute Group List : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Radius Allowed Protocols : [Any] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Radius Session Lifetime : [3600] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Radius Session Ticket Lifetime : [86400] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Radius Session Ticket Reuse : [48] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Radius Session Group List : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Static Password Diff To Prev : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Static Password Min Length : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Static Password Min Lower Alpha : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Static Password Min Upper Alpha : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Static Password Min Number : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Static Password Min Symbol : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Static Password Not UserId Based : [No] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Multi Digipass Application Mode : [Multiple DIGIPASS Applications Allowed] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > Privileged Users : [Reject] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Policy::traceDetails] > ********************************* [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][UserChecks::resolveUserAndGroupCheck] > userid is [test2] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][UserChecks::resolveUserAndGroupCheck] > domain is [vdsi.local] Page 3 of 8
4 [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][ODBCStorageConnector::connect] > Trying to connect to the ODBC data source [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][UserChecks::userChecks] > Digipass User account found [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][UserChecks::userChecks] > Checking User login inactivity: 'true' [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][UserChecks::userChecks] > User login inactivity time: [0] [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][UserChecks::userChecks] > Setting m_userchecksstate to [User Exists] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > *** User Details *** [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > User ID : [test2] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Mobile no. : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > . : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Domain : [vdsi.local] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Org Unit : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > LDAP DN : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Local Auth : [Digipass/Password] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Back End Auth : [Always]Here some policy settings can be overruled by the user settings (wich is not the case here) [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Offline Auth Enabled : [Yes] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Use DP from UserID : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Use DP from domain : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > Use DP from LDAP DN: [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][User::traceDetails] > ******************** [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][UserChecks::adminPrivilegeCheck] > 'Privileged Users' policy setting set to 'Reject' however this user does not have administrative privileges. The admin privilege check for this user has therefore succeeded. [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][LocalAuthenticationChecks::localVerification] > Length of password entered is [6] bytes [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::PrepareSQL] > Prepared SQL statement "SELECT vdsdomain, vdsserialno, vdsorgunit, vdsdptype, vdsgpexpires, vdsbvdpenabled, vdsbvdpexpires, vdsbvdpusesleft, vdsuserid, vdsdpsoftparamsid, vdsactivlocs, vdsactivcount, vdslastactivtime FROM vdsdigipass WHERE (vdsdomain =?) AND vdsorgunit IS NULL AND (vdsuserid =?) ORDER BY vdsdomain, vdsserialno, vdsdpdescription" [2012/11/22 09:59: UTC][02608][LOCAT][0x ][ODBCStatement::BindString] > Encoding of string: UTF-16LE [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindString] > Bound parameter 1 to string "vdsi.local" [2012/11/22 09:59: UTC][02608][LOCAT][0x ][ODBCStatement::BindString] > Encoding of string: UTF-16LE [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindString] > Bound parameter 2 to string "test2" [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCResultSet::GetRowCount] > Returned row-count 1 [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::PrepareSQL] > Prepared SQL statement "SELECT vdsdpapplication.vdsserialno, vdsdpapplication.vdsapplname, vdsdpapplication.vdsapplno, vdsdpapplication.vdsappltype, vdsdpapplication.vdsactive, vdsdpapplication.vdsblob, vdsdigipass.vdsdomain, vdsdigipass.vdsorgunit, vdsdigipass.vdsuserid, vdsdpapplication.vdscreatetime, vdsdpapplication.vdsmodifytime, vdsdpapplication.vdsstoragekeyid, vdsdpapplication.vdssensitivekeyid FROM (vdsdpapplication INNER JOIN vdsdigipass ON (vdsdpapplication.vdsserialno = vdsdigipass.vdsserialno)) WHERE (vdsdpapplication.vdsserialno =?) ORDER BY vdsdpapplication.vdsserialno, vdsdpapplication.vdsapplname" [2012/11/22 09:59: UTC][02608][LOCAT][0x ][ODBCStatement::BindString] > Encoding of string: UTF-16LE [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindString] > Bound parameter 1 to string "VES " [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCResultSet::GetRowCount] > Returned row-count 1 [2012/11/22 09:59: UTC][02608][LOCAT][0x000000B6][ODBCStorageConnector::sensitiveFieldAttribute] > Field ID [8 - vdsblob] in attribute type [Digipass Application] is encrypted. [2012/11/22 09:59: UTC][02608][LOCAT][0x000000B6][ODBCStorageConnector::sensitiveFieldAttribute] > Field ID [8 - vdsblob] in attribute type [Digipass Application] is sensitive. [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][vasco::CryptoEngine::storageDecrypt] > Decrypting digipass Blob. [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][vasco::CryptoEngine::storageDecrypt] > Decrypting digipass Blob. [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][vasco::CryptoEngine::decryptWithEmbeddedProvider] > Decrypt the content using embedded crypto provider. [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][SoftwareCryptoBase::preDecryptProcess] > First 2 byte of cipher text 0x[00] 0x[0A] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][SoftwareCryptoBase::custom_aes128cbc_key_derive] > Block size for aes is [16] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][vasco::CryptoEngine::decryptWithEmbeddedProvider] > Data is decrypted using embedded crypto provider. [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > *** Digipass Details *** [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > Serial No. : [VES ] Digipass for user found. User has Digipass assigned [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > Domin : [vdsi.local] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > Org Unit : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > LDAP DN : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > Backup VDP Enabled : [No] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > Grace Period Expiry : [2012/10/10] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > Backup VDP Expiry : [] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > Backup VDP Uses Left: [] Page 4 of 8
5 [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][Digipass::traceDetails] > ************************ [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::PrepareSQL] > Prepared SQL statement "SELECT vdscomponenttype, vdslocation, vdsdomain, vdsuserid, vdsserialno, vdseventwindow, vdseventcounter, vdsregenrequired, vdsstarttime, vdsendtime, vdscreatetime, vdsmodifytime FROM vdsofflinedata WHERE (vdsdomain =?) AND (vdsuserid =?) ORDER BY vdscomponenttype, vdslocation, vdsdomain, vdsuserid, vdsserialno" [2012/11/22 09:59: UTC][02608][LOCAT][0x ][ODBCStatement::BindString] > Encoding of string: UTF-16LE [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindString] > Bound parameter 1 to string "vdsi.local" [2012/11/22 09:59: UTC][02608][LOCAT][0x ][ODBCStatement::BindString] > Encoding of string: UTF-16LE [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindString] > Bound parameter 2 to string "test2" [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCResultSet::GetRowCount] > Returned row-count 0 [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][DigipassAppl::verifyPlainTextOTPCombined] > Combined parameters. [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][DigipassList::verifyResponse] > Response verification has been successful for digipass VES Here we can see that the OTP has been accepted [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][LocalAuthenticationChecks::doResponseChecking] > Set localauthstate to [Success - Existing DIGIPASS] [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][BackEndAuthenticationChecks::backEndVerification] > Fast authentication is <false>, will try to do backend auth [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][BackEndAuthenticationChecks::backEndVerification] > Password format is [Cleartext combined] [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][BackEndAuthenticationChecks::backEndVerification] > No password was entered [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][BackEndAuthenticationChecks::backEndVerification] > Stored Password Proxy is on - extracting password [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][BackEndAuthenticationChecks::backEndVerification] > Length of static password for back-end authentication is [4]Here we see that the stored static password is not empty. We see the length of the static password used (for back-end authentication) [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][BackEndSelector::getServerList] > Cached backend server list contains no servers for protocol ID <Windows> domain <vdsi.local> [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][BackEndAuthenticationChecks::backEndVerification] > Authenticating user with backend authenticator. Auth params are: {User ID : test2} {Password : ********} {Domain Name : vdsi.local} {Password Format : 0} {Static Password : ********} {Component Type : Identikey Windows Logon Client} Server list is: 0 attributes [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][WindowsBackEndAuthenticator::authenticate] > User ID : test2 [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][WindowsBackEndAuthenticator::authenticate] > Domain : vdsi.local [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][WindowsBackEndAuthenticator::authenticate] > Logon-Provider: Standard [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][WindowsBackEndAuthenticator::authenticate] > Successful Windows Authentication: 1 [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][BackEndAuthenticationChecks::backEndVerification] > Setting m_backendauthstate to [Success] Back end authentication succeeded [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][LocalAuthenticationChecks::generateOfflineAuthData] > Generating offline authentication data [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][LocalAuthenticationChecks::generateOfflineAuthData] > Generating encrypted offline data Page 5 of 8
6 [2012/11/22 09:59: UTC][02608][INFO ][0x ][SoftwareCryptoBase::legacy_encrypt] > Encrypting data using different cipher <7> to current configuration <7> [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][LocalAuthenticationChecks::generateOfflineAuthData] > Generating offline state data [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][LocalAuthenticationChecks::generateOfflineAuthHashData] > Generating offline hash data [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][LocalAuthenticationChecks::generateOfflineAuthData] > Offline authentication data generated successfully. [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B6][AuthenticateRequest::calculateExitState] > User checks state is [User Exists], local auth state is [Success - Existing DIGIPASS], backend auth state is [Success] [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][AuthenticateRequest::dbUpdate] > Fast authentication is <false> [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > *** OfflineData Details *** [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > Component Type : [Identikey Windows Logon Client] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > Component Location : [w7dawl.vdsi.local] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > Domain Name : [vdsi.local] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > User Id : [test2] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > Digipass Serial No : [VES ] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > Event Window : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > Event Counter : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > Start Time : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > End Time : [0] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > Regen Required : [2] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][OfflineData::traceDetails] > ******************** [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][User::createOfflineData] > Created Offline Data record [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][DigipassList::update] > Updating 1 digipasses. [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getKeyData] > key [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMStorageDataKey] > SSM Storage [2012/11/22 09:59: UTC][02608][DEBUG][0x ][ODBCConnection::TransactionStart] > Starting transaction [2012/11/22 09:59: UTC][02608][LOCAT][0x000000B6][ODBCStorageConnector::sensitiveFieldAttribute] > Field ID [8 - vdsblob] in attribute type [Digipass Application] is encrypted. [2012/11/22 09:59: UTC][02608][LOCAT][0x000000B6][ODBCStorageConnector::sensitiveFieldAttribute] > Field ID [8 - vdsblob] in attribute type [Digipass Application] is sensitive. [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][CryptoKeyLoader::getDefaultKeyData] > Default key usage [0] found in the cache [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][CryptoKeyDataFactory::createSSMSensitiveDataKey] > SSM Sensitive [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][SoftwareCryptoBase::legacy_custom_encrypt_aes128cbc] > aes_128_cbc block size [16] [2012/11/22 09:59: UTC][02608][DATA ][0x000000B6][SoftwareCryptoBase::custom_aes128cbc_key_derive] > Block size for aes is [16] [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::PrepareSQL] > Prepared SQL statement "UPDATE vdsdpapplication SET vdsapplno =?, vdsappltype =?, vdsactive =?, vdsblob =?, vdsmodifytime =?, vdsstoragekeyid =?, vdssensitivekeyid =? WHERE (vdsserialno =?) AND (vdsapplname =?)"Database is updated with the Page 6 of 8
7 new data [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindInteger] > Bound parameter 1 to integer 1 [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindInteger] > Bound parameter 2 to integer 0 [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindInteger] > Bound parameter 3 to integer 1 [2012/11/22 09:59: UTC][02608][LOCAT][0x ][ODBCStatement::BindString] > Encoding of string: UTF-16LE [2012/11/22 09:59: UTC][02608][DATA ][0x ][ODBCStatement::BindString] > Bound parameter 4 to string "********" [2012/11/22 09:59: UTC][02608][VINFO][0x ][Distributor::acquireConnection] > Node.Connector allocated [2012/11/22 09:59: UTC][02608][VINFO][0x ][Distributor::releaseConnection] > Node.Connector released [2012/11/22 09:59: UTC][02608][MAJOR][0x ][alert_record] > plugin not initialized [2012/11/22 09:59: UTC][02608][INFO ][0x ][adt_record] > Audit: {Success} {Authentication} {S } {User authentication was successful.} {0xD4DA89232BCCAB9F7DBCA5BA09579C80} [2012/11/22 09:59: UTC][02608][INFO ][0x ][adt_record] > Audit: {Policy ID:mytest, User ID:test2, Domain:vdsi.local, Input Details: {User ID : test2} {Password : ********} {Domain Name : vdsi.local} {Password Format : 0} {Component Type : Identikey Windows Logon Client}, Output Details: {User ID : test2} {Domain Name : vdsi.local} {Static Password : ********} {State Data : ********} {Hash Data : ********} {Hash Data Type : 2} {Encrypted Offline Data : ********} {Notification that a user has a token assigned : ********}, Serial No:VES , Application:AUTHENTICATE, Local Authentication:yes, Back-End Authentication:Windows, Source Location: , Client Location:w7dawl.vdsi.local, Client Type:Identikey Windows Logon Client} [2012/11/22 09:59: UTC][02608][VINFO][0x ][Distributor::acquireConnection] > Node.Connector allocated [2012/11/22 09:59: UTC][02608][VINFO][0x ][Distributor::releaseConnection] > Node.Connector released [2012/11/22 09:59: UTC][02608][MAJOR][0x ][alert_record] > plugin not initialized [2012/11/22 09:59: UTC][02608][INFO ][0x000000B6][AuthenticateRequest::execute] > User authentication request - exit state [Success] [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][CommandTask::process] > Finished executing scenario command, results are: ===================Command Results======================== <Result Codes: { Status Code: 'Call completed successfully (0)' ; Return Code: 'Success (0)' }> <Results: {User ID : test2} {Domain Name : vdsi.local} {Static Password : ********} {State Data : ********} {Hash Data : ********} {Hash Data Type : 2} {Encrypted Offline Data : ********} {Notification that a user has a token assigned : ********}> <Error stack: > ========================================================== [2012/11/22 09:59: UTC][02608][VINFO][0x000000B6][SealServer::send] > Message sent to < : 58312> size <135743> bytes Response is send to DAWL client [2012/11/22 09:59: UTC][02608][COUNT][0x ][ODBCConnection::Release] > Connection released [2012/11/22 09:59: UTC][02932][INFO ][0x ][SealFrontEndHandler::handleMessage] > Test socket <4> [2012/11/22 09:59: UTC][02608][VINFO][0x000000B7][SealServer::receive] > Message received from < : 58312> size <311> bytes [2012/11/22 09:59: UTC][02608][DEBUG][0x000000B7][SealMessageAdapter::SealMessageAdapter] > Tracing is configured for SealMessageAdapter [2012/11/22 09:59: UTC][02608][VINFO][0x000000B7][CommandTask::process] > Executing scenario command, passing command parameters: <Command Key: 'Object:'Credentials', Command:'Confirm Offline Data''> <Command Parameters: ' Type:Identikey Windows Logon Client, Source Location: } [2012/11/22 09:59: UTC][02608][VINFO][0x ][Distributor::acquireConnection] > Node.Connector allocated [2012/11/22 09:59: UTC][02608][VINFO][0x ][Distributor::releaseConnection] > Node.Connector released [2012/11/22 09:59: UTC][02608][MAJOR][0x ][alert_record] > plugin not initialized [2012/11/22 09:59: UTC][02608][VINFO][0x000000B7][CommandTask::process] > Finished executing scenario command, results are: ===================Command Results======================== <Result Codes: { Status Code: 'Call completed successfully (0)' ; Return Code: 'Success (0)' }> <Results: > <Error stack: > Page 7 of 8
8 ========================================================== [2012/11/22 09:59: UTC][02608][VINFO][0x000000B7][SealServer::send] > Message sent to < : 58312> size <63> bytes [2012/11/22 09:59: UTC][02608][COUNT][0x ][ODBCConnection::Release] > Connection released [2012/11/22 09:59: UTC][02932][INFO ][0x ][SealFrontEndHandler::handleMessage] > Test socket <4> [2012/11/22 09:59: UTC][02608][MINOR][0x ][CStreamSocket::read] > Socket <4> closed at other end - read cancelled [2012/11/22 09:59: UTC][02608][MINOR][0x000000B8][SealMessageTask::process] > SEAL connection was closed by the remote end This error message indicates that there was a problem sending the reply. Probably because the connection timed out. In case the connection times out, verify that the time out settings on the DAWL client are set to maximum (30s) Another way to prevent time-out is to limit the amount of off-line data that needs to be sent to the DAWL Client. The amount of off-line date to be sent is determined in the policy: (The larger these number, the bigger the off-line data, the longer it takes to create and send it to the DAWL client) Page 8 of 8
How to enable and read the full trace file for IDENTIKEY Authentication Server 3.4, step by step.
KB 160032 How to enable and read the full trace file for IDENTIKEY Authentication Server 3.4, step by step. Creation date: 10/09/2013 Last Review: 10/09/2013 Revision number: 2 Document type: How To Security
More informationHow to enable and read the full trace file for IDENTIKEY Authentication Server 3.1, step by step.
KB 150021 How to enable and read the full trace file for IDENTIKEY Authentication Server 3.1, step by step. Creation date: 27/11/2009 Last Review: 10/12/2012 Revision number: 3 Document type: How To Security
More informationDIGIPASS Authentication for O2 Succendo
DIGIPASS Authentication for O2 Succendo for IDENTIKEY Authentication Server IDENTIKEY Appliance 2009 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 30 Disclaimer Disclaimer of
More informationModify these field values (right-click and select Fields) to change text throughout the document:
Modify these field values (right-click and select Fields) to change text throughout the document: NOTE: Diagrams may appear or disappear depending on these field settings so BE CAREFUL adding and removing
More informationDIGIPASS Authentication for Check Point VPN-1
DIGIPASS Authentication for Check Point VPN-1 With Vasco VACMAN Middleware 3.0 2007 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 51 Disclaimer Disclaimer of Warranties and
More informationSteel-Belted RADIUS. Digipass Plug-In for SBR. SBR Plug-In SBR. G etting Started
Steel-Belted RADIUS Digipass Plug-In for SBR SBR Plug-In SBR Steel-Belted RADIUS G etting Started Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities
More informationAuthenticate an IIS Forms page with DIGIPASS Authentication Module for OWA. Creation date: 17/06/2016 Last Review: 17/06/2016 Revision number: 2
KB 160091 Authenticate an IIS Forms page with DIGIPASS Authentication Module for OWA Creation date: 17/06/2016 Last Review: 17/06/2016 Revision number: 2 Document type: How To Security status: EXTERNAL
More informationGiovanni Carnovale Technical Account Manager Southeast Europe VASCO Data Security
Giovanni Carnovale Technical Account Manager Southeast Europe The concept of strong authentication Something you have Something you know We authenticate the world 2 Authenticate where? We authenticate
More informationDIGIPASS Authentication for Cisco ASA 5500 Series
DIGIPASS Authentication for Cisco ASA 5500 Series With Vasco VACMAN Middleware 3.0 2008 VASCO Data Security. All rights reserved. Page 1 of 35 Integration Guideline Disclaimer Disclaimer of Warranties
More informationDIGIPASS Authentication to Citrix XenDesktop with endpoint protection
DIGIPASS Authentication to Citrix XenDesktop with endpoint protection SmartAccess Configuration with Digipass INTEGRATION GUIDE Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information
More informationProduct Guide. Digipass Plug-In for IAS. IAS Plug-In. Digipass Extension for Active Directory Users and Computers. Administration MMC Interface IAS
Digipass Plug-In for IAS IAS Plug-In Digipass Extension for Active Directory Users and Computers Administration MMC Interface IAS Microsoft's Internet Authentication Service Product Guide Disclaimer of
More informationDIGIPASS Authentication for Check Point VPN-1
DIGIPASS Authentication for Check Point VPN-1 With IDENTIKEY Server 2009 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 36 Disclaimer Disclaimer of Warranties and Limitations
More informationDIGIPASS Authentication for NETASQ
DIGIPASS Authentication for NETASQ With IDENTIKEY Server 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 19 Disclaimer Disclaimer of Warranties and Limitations of Liabilities
More informationClientNet. Portal Admin Guide
ClientNet Portal Admin Guide Document Revision Date: June 5, 2013 ClientNet Portal Admin Guide i Contents Introduction to the Portal... 1 About the Portal... 1 Logging On and Off the Portal... 1 Language
More informationaxsguard Identifier Product Guide Product Guide axsguard AXSGuard ConfigurationTool
Product Guide axsguard AXSGuard ConfigurationTool 0 2009 Product Guide axsguard Identifier axsguard Identifier axsguard Identifier DIGIPASS ConfigurationTool v1.5 0.1 axsguard Identifier Product Guide
More informationDIGIPASS Authentication for F5 BIG-IP
DIGIPASS Authentication for F5 BIG-IP With VASCO VACMAN Middleware 3.0 2008 VASCO Data Security. All rights reserved. Page 1 of 37 Integration Guideline Disclaimer Disclaimer of Warranties and Limitations
More informationDIGIPASS en/de-cryption problem after migration from IDENTIKEY Authentication Server 3.2 AD to 3.4 AD.
KB 120159 DIGIPASS en/de-cryption problem after migration from IDENTIKEY Authentication Server 3.2 AD to 3.4 AD. Creation date: 05/10/2012 Last Review: 12/12/2012 Revision number: 2 Document type: How
More informationCreation date: 19/03/2010 Last Review: 08/06/2010 Revision number: 3
KB 110064 How To install a Citrix or OWA Filter with axsguard Identifier? Creation date: 19/03/2010 Last Review: 08/06/2010 Revision number: 3 Document type: How To Security status: EXTERNAL Summary This
More informationCredential Policy CHAPTER
CHAPTER 21 Cisco Unified Communications Manager authenticates user login credentials before allowing system access. To help secure user accounts, you can specify settings for failed logon attempts, lockout
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from Cisco Secure ACS, Release 5.5 or later to Cisco ISE, Release 2.2., page 1 Supported
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from, Release 5.5 or later to Cisco ISE, Release 2.3., page 1 Supported Data Objects for
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from Cisco Secure ACS, Release 5.5 or later to Cisco ISE, Release 2.3., on page 1 Supported
More informationDIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007
DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007 With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations
More informationPasswordstate Mobile Client Manual Click Studios (SA) Pty Ltd
2 Table of Contents Foreword 0 Part I Introduction 3 Part II User Preferences 3 Part III System Settings 4 Part IV Mobile Client Permissions 6 Part V Mobile Client Usage 8 Introduction 1 3 Introduction
More informationLogon to Windows Vista using smartcard and CertiID in a Windows 2008 environment.
KB 140013 Logon to Windows Vista using smartcard and CertiID in a Windows 2008 environment. Creation date: 15/05/2009 Last Review: 02/06/2009 Revision number: 2 Document type: How To Security status: EXTERNAL
More informationDIGIPASS Authentication for Citrix Access Essentials Web Interface
DIGIPASS Authentication for Citrix Access Essentials Web Interface With VASCO Digipass Pack for Citrix DIGIPASS Authentication for Citrix Access Essentials - Integration Guideline V1.0 2006 VASCO Data
More informationBlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0. Administration Guide
BlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0 Administration Guide SWDT487521-636611-0528041049-001 Contents 1 Overview: BlackBerry Enterprise Server... 21 Getting started in your BlackBerry
More informationCreation date: 23/06/2017 Last Review: 23/06/2017 Revision number: 2
KB 160125 IDENTIKEY Authentication Server (IAS) 3.12 Introduces Maker/Checker Authorization. This article describes how it works, how to configure it and how to test it. Creation date: 23/06/2017 Last
More informationSSL VPN - IPv6 Support
The feature implements support for IPv6 transport over IPv4 SSL VPN session between a client, such as Cisco AnyConnect Mobility Client, and SSL VPN. Finding Feature Information, on page 1 Prerequisites
More informationSYSLOG Enhancements for Cisco IOS EasyVPN Server
SYSLOG Enhancements for Cisco IOS EasyVPN Server In some situations the complexity or cost of the authentication, authorization, and accounting (AAA) server prohibits its use, but one of its key function
More informationRemote Support Security Provider Integration: RADIUS Server
Remote Support Security Provider Integration: RADIUS Server 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks
More informationSSL VPN - IPv6 Support
The feature implements support for IPv6 transport over IPv4 SSL VPN session between a client, such as Cisco AnyConnect Mobility Client, and SSL VPN. Finding Feature Information, page 1 Prerequisites for,
More informationExternal Authentication with Ultra Protect v7.2 SSL VPN Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Ultra Protect v7.2 SSL VPN Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington
More informationCiphermail Gateway PDF Encryption Setup Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway PDF Encryption Setup Guide April 4, 2016, Rev: 5454 Copyright c 2008-2016, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 4 2 Portal 4 3 PDF encryption
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from Cisco Secure ACS, Release 5.5 or later to Cisco ISE, Release 2.1., page 1 Migrated
More informationRunning TCL Scripts on an IDENTIKEY Appliance. Creation date: 24/06/2016 Last Review: 26/07/2016 Revision number: 2
KB 160094 Running TCL Scripts on an IDENTIKEY Appliance Creation date: 24/06/2016 Last Review: 26/07/2016 Revision number: 2 Document type: How To Security status: EXTERNAL Summary Executing a TCL script
More informationEkran System v.6.0 Privileged User Accounts and Sessions (PASM)
Ekran System v.6.0 Privileged User Accounts and Sessions (PASM) Table of Contents About... 3 Using Privileged User Accounts... 4 Password Vault Configuration... 5 Defining Domain Administrator Credentials...
More informationSecurity Provider Integration RADIUS Server
Security Provider Integration RADIUS Server 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property
More informationKerberos V5. Raj Jain. Washington University in St. Louis
Kerberos V5 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/ 11-1
More informationNetConnect to GlobalProtect Migration Tech Note PAN-OS 4.1
NetConnect to GlobalProtect Migration Tech Note PAN-OS 4.1 Revision A 2011, Palo Alto Networks, Inc. Contents Overview... 3 GlobalProtect Overview... 3 LICENSING... 3 UPGRADE... 3 Understanding the Migrated
More informationGetting Started with OmniVista Security
Getting Started with OmniVista Security Getting Started with OmniVista Security The Users and User Groups application enables you to control user access to OmniVista and to network switches. Access to
More informationManaging External Identity Sources
CHAPTER 5 The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other
More informationSelecting Software Packages for Secure Database Installations
Selecting Software Packages for Secure Database Installations Afonso Araújo Neto, Marco Vieira This document includes complementary information for the paper Selecting Software Packages for Secure Database
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from Cisco Secure ACS, Release 5.5 or later to Cisco ISE, Release 2.1., on page 1 Migrated
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from Cisco Secure ACS, Release 5.5 or 5.6 to Cisco ISE, Release 2.0., page 1 Migrated Data
More informationUser Management in Resource Manager
CHAPTER 8 This section describes how to manage user profiles. Topics in this section include: Overview of User Management, page 8-1 Using User Management, page 8-1 Overview of User Management In Resource
More informationVACMAN, Identikey, axs GUARD and Digipass are registered trademarks of VASCO Data Security International Inc.
Modify these field values (right-click and select Fields) to change text throughout the document: 2008 Digipass Authentication for OWA 2007 IIS 6 Module Internet Information Services IIS Authentication
More informationExternal Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale
More informationFileCruiser. Administrator Portal Guide
FileCruiser Administrator Portal Guide Contents Administrator Portal Guide Contents Login to the Administration Portal 1 Home 2 Capacity Overview 2 Menu Features 3 OU Space/Team Space/Personal Space Usage
More informationDIGIPASS. Authentication for Epic Hyperspace Administrator Guide 3.6
DIGIPASS Authentication for Epic Hyperspace Administrator Guide 3.6 Disclaimer Disclaimer of Warranties and Limitations of Liabilities Legal Notices Copyright 2015 VASCO Data Security, Inc., VASCO Data
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from Cisco Secure ACS, Release 5.5 or 5.6 to Cisco ISE, Release 1.4., page 1 Migrated Data
More informationCreation date: 03/01/2011 Last Review: 12/12/2012 Revision number: 3
KB 160004 How to define custom reports in IDENTIKEY Server? Creation date: 03/01/2011 Last Review: 12/12/2012 Revision number: 3 Document type: How To Security status: EXTERNAL Summary IDENTIKEY Authentication
More informationIVE Quick Startup Guide - OS 4.0
IVE Quick Startup Guide - OS 4.0 Initial Setup Once you receive the IVE device, unpack the IVE and connect it to a PC or Laptop using the console (null modem) cable provided with the IVE. You have to connect
More informationActive Directory Attacks and Detection
Active Directory Attacks and Detection #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos This talk is Based on Tim Madin
More informationQUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because
1 RSA - 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because A. a token periodically calculates a new
More informationPerceptive Matching Engine
Perceptive Matching Engine Advanced Design and Setup Guide Version: 1.0.x Written by: Product Development, R&D Date: January 2018 2018 Hyland Software, Inc. and its affiliates. Table of Contents Overview...
More informationRSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]
s@lm@n RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ] Question No : 1 An RSA SecurID tokencode is unique for each successful authentication
More informationLDAP Directory Integration
LDAP Server Name, Address, and Profile Configuration, on page 1 with Cisco Unified Communications Manager Task List, on page 1 for Contact Searches on XMPP Clients, on page 6 LDAP Server Name, Address,
More informationSecret Server Web Services API Guide
Table of Contents Overview... 1 Accessing Web Services... 1 Concepts... 1 Token... 1 s... 2 Windows Authentication... 2 Common... 2 Sample Code... 3 Web Service Methods... 3 AddDependency... 3 AddNewSecret...
More informationRSA Authentication Manager 7.1 Administrator s Guide
RSA Authentication Manager 7.1 Administrator s Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA
More informationManagement Tools. Management Tools. About the Management GUI. About the CLI. This chapter contains the following sections:
This chapter contains the following sections:, page 1 About the Management GUI, page 1 About the CLI, page 1 User Login Menu Options, page 2 Customizing the GUI and CLI Banners, page 3 REST API, page 3
More informationNetwork Performance Analysis System. User Guide
Network Performance Analysis System User Guide Copyrig ht Copyright 2018 Colasoft. All rights reserved. Information in this document is subject to change without notice. No part of this document may be
More informationDigital Certificate Service (DCS) - User Guide
Digital Certificate Service (DCS) - User Guide Information Security Branch Contents Using this Guide... 3 User Requirements... 3 Secure E-mail Messaging... 4 Send a Secure E-mail Message... 4 Receive a
More informationSSL VPN. Finding Feature Information. Prerequisites for SSL VPN
provides support in the Cisco IOS software for remote user access to enterprise networks from anywhere on the Internet. Remote access is provided through a Secure Socket Layer (SSL)-enabled SSL VPN gateway.
More informationConfigure AnyConnect Secure Mobility Client using One-Time Password (OTP) for Twofactor Authentication on an ASA
Configure AnyConnect Secure Mobility Client using One-Time Password (OTP) for Twofactor Authentication on an ASA Contents Introduction Prerequisites Requirements Components Used Background Information
More informationSteel Belted Radius. Release Notes SBR 6.24 Build 1. Release, Build Published Document Version Build 1 May,
Steel Belted Radius Release Notes SBR 6.24 Build 1 Release, Build Published Document Version 6.24 Build 1 May, 2017 2.0 Contents Steel-Belted Radius Release - 6.2 Release Notes... 3 System Requirements...
More informationBarracuda Firewall Release Notes 6.6.X
Please Read Before Upgrading Before installing the new firmware version, back up your configuration and read all of the release notes that apply to the versions that are more current than the version that
More informationSSH Algorithms for Common Criteria Certification
The feature provides the list and order of the algorithms that are allowed for Common Criteria Certification. This module describes how to configure the encryption, Message Authentication Code (MAC), and
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationASA AnyConnect Double Authentication with Certificate Validation, Mapping, and Pre Fill Configuration Guide
ASA AnyConnect Double Authentication with Certificate Validation, Mapping, and Pre Fill Configuration Guide Document ID: 116111 Contributed by Michal Garcarz, Cisco TAC Engineer. Jun 13, 2013 Contents
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationBarracuda Web Application Firewall Foundation - WAF01. Lab Guide
Barracuda Web Application Firewall Foundation - WAF01 Lab Guide Official training material for Barracuda certified trainings and Autorized Training Centers. Edition 2018 Revision 1.0 campus.barracuda.com
More informationSecret Server SOAP Web Services API Guide
Secret Server SOAP Web Services API Guide Table of Contents Overview... 1 Accessing Web Services... 1 Concepts... 1 Token... 1 s... 2 Windows Authentication... 2 Common... 2 Sample Code... 3 Web Service
More informationUser Guide. Version R92. English
AuthAnvil User Guide Version R92 English October 9, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from
More informationVII. Corente Services SSL Client
VII. Corente Services SSL Client Corente Release 9.1 Manual 9.1.1 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Table of Contents Preface... 5 I. Introduction... 6 Chapter 1. Requirements...
More informationODYSSEY. cryptic by intent. Snorkel-TX. Feature Highlights & Technical Specifications. Odyssey Technologies Ltd.
Snorkel-TX Feature Highlights & Technical Specifications Snorkel-TX is a powerful transaction security server that enables failsafe authentication, access control, non-repudiation and integrity for web
More informationLogging into the Firepower System
The following topics describe how to log into the Firepower System: Firepower System User Accounts, on page 1 User Interfaces in Firepower Management Center Deployments, on page 3 Logging Into the Firepower
More informationConfiguring Virtual Servers
3 CHAPTER This section provides an overview of server load balancing and procedures for configuring virtual servers for load balancing on an ACE appliance. Note When you use the ACE CLI to configure named
More informationSQL Server Security. Marek
SQL Server Security Marek Chmel Lead Database Administrator @ AT&T MVP: Data Platform MCSE: Data Management and Analytics MCT: Regional Lead Certified Ethical Hacker CEHv8 marek.chmel@technet.ms @MarekChmel
More informationRadius, LDAP, Radius used in Authenticating Users
CSCD 303 Lecture 5 Fall 2017 Kerberos Radius, LDAP, Radius used in Authenticating Users Introduction to Centralized Authentication Kerberos is for authentication only and provides Single Sign-on (SSO)
More informationINTEGRATION GUIDE. DIGIPASS Authentication for VMware View
INTEGRATION GUIDE DIGIPASS Authentication for VMware View Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security
More informationVyapin Office 365 Management Suite
Vyapin Office 365 Management Suite Last Updated: December 2015 Copyright 2015 Vyapin Software Systems Private Limited. All rights reserved. This document is being furnished by Vyapin Software Systems Private
More informationUsing the Certificate Authority Proxy Function
CHAPTER 10 This chapter provides information on the following topics: Certificate Authority Proxy Function Overview, page 10-1 Cisco Unified IP Phone and CAPF Interaction, page 10-2 CAPF Interaction with
More informationOpenProject AdminGuide
OpenProject AdminGuide I. Contents I. Contents... 1 II. List of figures... 2 1 Administration... 2 1.1 Manage projects...2 1.2 Manage users...5 1.3 Manage groups...11 1.4 Manage roles and permissions...13
More informationExam : JN Title : Juniper Networks Certified Internet Assoc(JNCIA-SSL) Exam. Version : Demo
Exam : JN0-561 Title : Juniper Networks Certified Internet Assoc(JNCIA-SSL) Exam Version : Demo 1. Which model does not support clustering? A. SA700 B. SA2000 C. SA4000 D. SA6000 Answer: A 2. What is a
More informationMessage Networking 5.2 Administration print guide
Page 1 of 421 Administration print guide This print guide is a collection of system topics provided in an easy-to-print format for your convenience. Please note that the links shown in this document do
More informationMcAfee Gateway Appliance Patch 7.5.3
Release Notes McAfee Email Gateway Appliance Patch 7.5.3 Contents About this release Resolved issues Installation - incremental package Installation - full images Known issues Find product documentation
More informationSalesforce1 Mobile Security White Paper. Revised: April 2014
Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing
More informationNetwork Access Flows APPENDIXB
APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies
More information4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.
4TRESS AAA Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook Document Version 2.3 Released May 2013 hidglobal.com Table of Contents List of Figures... 3 1.0 Introduction...
More informationConfiguring Easy VPN Services on the ASA 5505
CHAPTER 67 Configuring Easy VPN Services on the ASA 5505 This chapter describes how to configure the ASA 5505 as an Easy VPN hardware client. This chapter assumes you have configured the switch ports and
More informationWebsitePanel User Guide
WebsitePanel User Guide User role in WebsitePanel is the last security level in roles hierarchy. Users are created by reseller and they are consumers of hosting services. Users are able to create and manage
More informationBlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide
BlackBerry Enterprise Server for Microsoft Office 365 Version: 1.0 Administration Guide Published: 2013-01-29 SWD-20130131125552322 Contents 1 Related resources... 18 2 About BlackBerry Enterprise Server
More informationGuest Management. Overview CHAPTER
CHAPTER 20 This chapter provides information on how to manage guest and sponsor accounts and create guest policies. This chapter contains: Overview, page 20-1 Functional Description, page 20-2 Guest Licensing,
More informationUser Guide. Version R94. English
AuthAnvil User Guide Version R94 English March 8, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated
More informationFTD MERCURY X2 IMPLEMENTATION GUIDE FOR PA-DSS
FTD MERCURY X2 IMPLEMENTATION GUIDE FOR PA-DSS FTD Mercury X2 Implementation Guide for PA-DSS 2010 Florists Transworld Delivery, Inc. All Rights Reserved. Last Updated: March 1, 2010 Last Reviewed: February
More informationEnhancements Added support for VLProxy thread dumps in support bundles. Requires VersaLex or later.
* RELEASE 2.9-2011/11/14 * - Added support for VLProxy thread dumps in support bundles. Requires VersaLex 4.3.42 or later. - VLProxy takes approximately 90 seconds to recognize that a VLTrader has abnormally
More informationSafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem
version 5.2.2 DataLocker Inc. July, 2017 SafeConsole Reference for SafeConsole OnPrem 1 Contents Introduction................................................ 2 How do the devices become managed by SafeConsole?....................
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More information