
Date post: 07-Dec-2018
DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007 With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines
Page 1: DIGIPASS Authentication for F5 FirePass - VASCO · DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007 With IDENTIKEY Server / Axsguard IDENTIFIER Integration

DIGIPASS Authentication for

Microsoft ISA 2006 Single Sign-On for Sharepoint 2007

With IDENTIKEY Server / Axsguard IDENTIFIER

Integration Guidelines

Disclaimer

Disclaimer of Warranties and Limitations of Liabilities

This Report is provided on an 'as is' basis, without any other warranties, or conditions.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security.

Trademarks

DIGIPASS, IDENTIKEY, IDENTIFIER & AXSGUARD are registered trademarks of VASCO Data Security. All trademarks or trade names are the property of their respective owners. VASCO reserves the right to make changes to specifications at any time and without notice. The information furnished by VASCO in this document is believed to be accurate and reliable. However, VASCO may not be held liable for its use, nor for infringement of patents or other rights of third parties resulting from its use.

Copyright

2010 VASCO Data Security. All rights reserved.


Table of Contents

DIGIPASS Authentication for Microsoft ISA 2006 ........................................... 1

Disclaimer ...................................................................................................... 2

Table of Contents............................................................................................ 3

1 Reader ...................................................................................................... 5

2 Overview ................................................................................................... 5

3 Problem Description .................................................................................. 5

4 Solution .................................................................................................... 5

5 Technical Concept ..................................................................................... 7

5.1 General overview .................................................................................. 7

5.2 Microsoft Active Directory prerequisites .................................................... 7

5.3 Microsoft ISA server 2006 prerequisites ................................................... 7

5.4 Microsoft Sharepoint 2007 prerequisites ................................................... 7

5.5 IDENTIKEY Server Prerequisites .............................................................. 7

6 Active Directory Settings .......................................................................... 8

6.1 Domain functional level .......................................................................... 8

6.2 Constrained Delegation .........................................................................10

7 Sharepoint 2007 Settings ........................................................................ 13

7.1 Create Web Application .........................................................................13

7.2 Create Site Collection ............................................................................17

7.3 Create Alternate Access Mappings ..........................................................20

8 Microsoft IIS Settings ............................................................................. 23

8.1 SSL Server Certificate ...........................................................................23

9 Microsoft ISA 2006 Settings .................................................................... 28

9.1 Certificate settings ...............................................................................28

9.1.1 Importing root certificate ................................................................28

9.1.2 Requesting Web Server certificate ....................................................34


9.2 Publishing Sharepoint ...........................................................................39

9.3 RADIUS settings ...................................................................................49

10 IDENTIKEY Server ................................................................................ 53

10.1 Policy configuration ..............................................................................53

10.2 Client configuration ..............................................................................56

11 Test Sharepoint logon .......................................................................... 58

12 About VASCO Data Security .................................................................. 59

1 Reader

This document is a guideline for configuring the partner product with IDENTIKEY SERVER or Axsguard IDENTIFIER. For details about the setup and configuration of IDENTIKEY SERVER and Axsguard IDENTIFIER, we refer to the installation and administration manuals of these products. Axsguard IDENTIFIER is the appliance-based solution, running IDENTIKEY SERVER by default.

Within this document, VASCO Data Security provides the reader guidelines for configuring the partner product in this specific configuration in combination with VASCO Server and Digipass. Any change in the concept might require a change in the configuration of the VASCO Server products.

The product name IDENTIKEY SERVER will be used throughout the document, keeping in mind that this document applies as well to the Axsguard IDENTIFIER.

2 Overview

The purpose of this document is to demonstrate how to configure IDENTIKEY SERVER to work with Microsoft ISA Server (ISA) to perform Single Sign-On (SSO) to a Sharepoint portal with a One-Time Password (OTP).

3 Problem Description

When using a DIGIPASS to authenticate to the ISA Server, your OTP is checked by VACMAN Middleware. When another website requiring authentication is accessed behind the ISA firewall and you want to use a single sign-on scheme, ISA sends your username and OTP to this site. As the OTP would be validated a second time, the IDENTIKEY SERVER reports a code replay and access is rejected. The solution to this problem could be entering your regular username and password, or at least a second OTP. The user would then have to authenticate twice, once on the ISA server and once for the Sharepoint portal; however, this is less convenient for the user.

4 Solution

In ISA Server 2006 it is now possible to authenticate to the Sharepoint web site using Kerberos constrained delegation. This means the ISA server will, after a successful authentication to the VACMAN Middleware, obtain a Kerberos ticket from the domain controller. With this ticket the user is able to perform an integrated authentication on the Sharepoint web site without having to authenticate a second time.

After configuring the IDENTIKEY SERVER, the ISA server and the Active Directory in the right way, you eliminate the weakest link in any security infrastructure, the use of static passwords, which are easily stolen, guessed, reused or shared.

Figure 1: Solution (network diagram; the labels recovered from the figure are listed below)

Networks: 192.168.1.0/24 (external, client side) and 10.0.10.0/24 (internal, server side)

- Client: IP 192.168.1.10
- Microsoft ISA Server 2006: IP int 10.10.0.100, IP ext 192.168.1.20, Sharepoint published as https://sharepoint.labs.vasco.com
- IDENTIKEY Server: IP 10.0.10.20, RADIUS port 1812
- Domain Controller (dc.labs.vasco.com): IP 10.0.10.10, CA dc.labs.vasco.jsm
- Sharepoint 2007: IP 10.0.10.10, Sharepoint published as https://sharepoint

Flows labelled in the diagram: RADIUS Authentication, Back-end Authentication, Kerberos Authentication, Kerberos ticket.

5 Technical Concept

5.1 General overview

The main goal of the ISA server is to perform authentication in a secure way to gain access to the Sharepoint portal. As the ISA server can authenticate to an external service with RADIUS, we place the IDENTIKEY SERVER in the middle of this process to secure the authentication with our proven VACMAN Middleware software.

5.2 Microsoft Active Directory prerequisites

Important Notice: To make use of Kerberos constrained delegation, the domain functional level must be "Windows Server 2003". If older domain controllers (2000, NT4 ...) are currently deployed in your domain, raising the domain functional level is not possible. By default, in Windows Server 2003, the domain functional level is "Windows 2000 mixed" and will have to be raised.

If you want to make use of HTTPS/SSL connections, you need a root CA installed for your domain.

5.3 Microsoft ISA server 2006 prerequisites

Please make sure you have a working setup of the ISA server. It is very important that this is working correctly before you start implementing the authentication to the VACMAN Middleware and create a rule to publish a Sharepoint portal.

5.4 Microsoft Sharepoint 2007 prerequisites

We assume you have MS Office Sharepoint Server 2007 installed. Configuration of a new site will be shown in this guide.

5.5 IDENTIKEY Server Prerequisites

In this guide we assume you already have IDENTIKEY Server installed and working. If this is not the case, make sure you get it working before installing any other features.

6 Active Directory Settings

The domain functional level must be raised to be able to use the advanced constrained delegation features in Active Directory. Windows Server 2003 is installed by default in "Windows 2000 mixed" mode. The advanced features are only available when your Active Directory level is "Windows Server 2003" mode.

Constrained delegation is a ticketing system relying on Kerberos. Any computer in a domain that is trusted to request tickets can request a ticket for a certain user. With this ticket the user is able to authenticate himself when authentication is demanded, instead of supplying his credentials again.

6.1 Domain functional level

Important Notice: Before continuing, please be aware of the consequences of raising your domain functional level. If any older domain controllers (2000, NT4, ...) are active in your network, do not raise the functional level. As raising the functional level is required to use Kerberos constrained delegation, you will then not be able to complete this integration guide.

On the domain controller, open the Active Directory Users and Computers administrative tool. Right-click your top domain and select Raise Domain Functional Level....

Figure 2: Domain functional level (1)

Choose Windows Server 2003 in the select box and click Raise.

Figure 3: Domain functional level (2)

You get a notice that once you have raised the domain functional level, you cannot reverse this action and it is raised domain-wide. Click OK to continue.

Figure 4: Domain functional level (3)

You will receive a confirmation message when raising the domain level has completed successfully. Click OK to finish.

Figure 5: Domain functional level (4)

6.2 Constrained Delegation

Next, in the same window, go to the Computers folder and select the computer containing the ISA server. Right-click the server name and select Properties.

Figure 6: Constrained Delegation (1)

Go to the Delegation tab. This tab is only shown when your domain functional level is "Windows Server 2003". Select the option Trust this computer for delegation to specified services only, and beneath this option select Use any authentication protocol. When this is done, the Add... button becomes available; click it.

Figure 7: Constrained Delegation (2)

Click the Users or Computers... button to select the computer we want to delegate to.

Figure 8: Constrained Delegation (3)

Search for or select the computer where the Sharepoint portal is located. Click OK to continue.

Figure 9: Constrained Delegation (4)

When you have selected the computer to delegate to, you have to choose the service type. The authentication comes from and goes to a web service, so find http in the list and click OK.

Figure 10: Constrained Delegation (5)

The next screen shows you an overview of the delegation settings. This screen is actually saying: we give the computer where ISA is installed the authority to delegate an http authentication to the chosen computer. Click OK to finish.

In our setup the ISA server is installed on a computer named MEMBER.

Figure 11: Constrained Delegation (6)
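The delegation settings above are made in the GUI. The PowerShell script below is an added verification example, not part of the VASCO guide, that checks from a domain-joined administrative workstation the three things sections 6.1 and 6.2 depend on: the domain functional level, the ISA computer account's constrained delegation settings (protocol transition, no unconstrained delegation, only the intended target), and that the HTTP service principal name being delegated to is actually registered. It assumes the ActiveDirectory PowerShell module, which postdates the Windows Server 2003 tooling the guide uses (it needs a domain controller running Active Directory Web Services or the Active Directory Management Gateway Service). MEMBER is the guide's ISA computer name, SPSERVER is a placeholder for the SharePoint computer account, and http/sharepoint is derived from the host header used in section 7.1.

```powershell
# Added verification script (not from the VASCO guide): checks the AD
# prerequisites of sections 6.1 and 6.2. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$IsaComputer        = 'MEMBER'    # computer account running ISA (name from the guide)
$SharepointComputer = 'SPSERVER'  # placeholder: computer whose app pool (Network Service) serves SharePoint
$ExpectedSpns       = @('http/sharepoint')  # host header from section 7.1 (assumption: no FQDN form in use)

$problems = @()

# 6.1: constrained delegation needs the Windows Server 2003 domain level or higher.
$domain = Get-ADDomain
$mode = "$($domain.DomainMode)"
if (@('Windows2000Domain', 'Windows2003InterimDomain') -contains $mode) {
    $problems += "Domain functional level is $mode; raise it to Windows Server 2003 (section 6.1)."
}

# 6.2: the ISA computer must be trusted for delegation to specified services only,
# with protocol transition ("Use any authentication protocol") enabled.
$isa = Get-ADComputer -Identity $IsaComputer `
    -Properties 'msDS-AllowedToDelegateTo', 'TrustedForDelegation', 'TrustedToAuthForDelegation'

if ($isa.TrustedForDelegation) {
    $problems += "$IsaComputer is trusted for unconstrained delegation; the guide wants 'specified services only'."
}
if (-not $isa.TrustedToAuthForDelegation) {
    $problems += "$IsaComputer lacks protocol transition ('Use any authentication protocol'); OTP-authenticated users cannot be converted to Kerberos."
}

$allowed = @($isa.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
foreach ($spn in $ExpectedSpns) {
    if ($allowed -notcontains $spn) {
        $problems += "$IsaComputer may not delegate to $spn (missing from msDS-AllowedToDelegateTo)."
    }
}
# Every extra target widens what the ISA account can impersonate users to, so list them for review.
$extra = @($allowed | Where-Object { $ExpectedSpns -notcontains $_ })
if ($extra.Count -gt 0) {
    $problems += "Review unexpected delegation targets on ${IsaComputer}: $($extra -join ', ')"
}

# Kerberos to the host header only works if that HTTP SPN is registered on the
# account the application pool runs as (the computer account for Network Service).
$sp = Get-ADComputer -Identity $SharepointComputer -Properties ServicePrincipalName
foreach ($spn in $ExpectedSpns) {
    if (@($sp.ServicePrincipalName) -notcontains $spn) {
        $problems += "SPN $spn is not registered on $SharepointComputer; register it (setspn) before Kerberos authentication can succeed."
    }
}

if ($problems.Count -eq 0) {
    'Delegation prerequisites look correct.'
} else {
    $problems | ForEach-Object { "PROBLEM: $_" }
}
```

Protocol transition (TrustedToAuthForDelegation) is what allows ISA to turn a RADIUS/OTP-authenticated session into a Kerberos service ticket for the user, which is why the guide selects Use any authentication protocol. The script flags unconstrained delegation and any delegation target beyond the SharePoint HTTP service because both widen what the ISA computer account is able to impersonate users to.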

7 Sharepoint 2007 Settings

To create a new Sharepoint portal we will have to create a web application that contains the required IIS settings and add some content to this web application. Additionally we must make sure the URL external users type in is also known in Sharepoint (the published URL, used by external users passing through the ISA server).

7.1 Create Web Application

The first thing to do in Sharepoint is to create a web application. In the Application Management tab select Create or extend Web application.

Figure 12: Create Web Application (1)

Then choose Create a new Web application.

Figure 13: Create Web Application (2)

The next 4 figures (14 to 17) show how the settings should be set on this page. We only mention the fields which require changes; other fields are filled in automatically or are optional.

IIS Web Site
- Port: 443 (for standard SSL connections)
- Host header: sharepoint

Figure 14: Create Web Application (3)

Security Configuration
- Authentication provider: Negotiate (Kerberos)
- Allow Anonymous: No
- Use Secure Sockets Layer: Yes

Figure 15: Create Web Application (4)

Load Balanced URL: Leave all default settings

Application Pool: Create new application pool
- Predefined: Network Service

Figure 16: Create Web Application (5)

Database Name and Authentication: Leave all default settings

When all settings are filled in, by you or automatically, click the OK button.

Figure 17: Create Web Application (6)

You will receive an alert message stating that you selected Kerberos and this needs manual configuration steps. As we did this already, click OK.

Figure 18: Create Web Application (7)

When everything is created on the back-end, you will get a confirmation page stating the application was successfully created. The text mentions that IIS needs to be restarted so all changes are activated.

On the Sharepoint server, run the command "iisreset /noforce" and make sure all websites are up and running before you continue.

Figure 19: Create Web Application (8)

7.2 Create Site Collection

Now it's time to add some content to this web application. In the Application Management tab select Create site collection.

Figure 20: Create Site Collection (1)

The next 4 figures (21 to 24) show how the site collection settings are set. First make sure you have the right Web application selected in the list. If this is not correct, click the Change Web Application option.

Figure 21: Create Site Collection (2)

In the newly opened window click on the web application you want to create content for.

Figure 22: Create Site Collection (3)

Now the correct web application is shown in the list. Enter a Title and Description for your site collection and choose the web site address under which your site collection will be reachable.

A template guide helps you select the best layout for your site collection. Choose one from the list.

Figure 23: Create Site Collection (5)

Enter a username as primary and/or secondary site collection administrator and click the "check name" button behind the input field to look up this name in your AD. When the name is found, it will be underlined.

You can also browse for users; in that case click the "address book" button behind the input field.

When all settings are made, click the OK button to start generating this site content in your web application.

Figure 24: Create Site Collection (10)

When the site collection is successfully created, you will receive a confirmation page. Click OK to get back to the main screen.

Figure 25: Create Site Collection (11)

7.3 Create Alternate Access Mappings

We now have a working Sharepoint web site for internal use, accessible through https://sharepoint. But users will access this portal page through the ISA server, connecting to the address http://sharepoint.labs.vasco.com. The content on our site will have to be adapted to this kind of connection.

To solve this problem, Sharepoint provides alternate access mappings. We will have to add the external address to our database.

Go to the Operations tab and choose Alternate access mappings.

Figure 26: Create Alternate Access Mapping (1)

Click on the Add Internal URLs link on top of the page.

Figure 27: Create Alternate Access Mapping (2)

Select the correct mapping collection by clicking the Change Alternate Access Mapping Collection link and selecting your site collection in the list.

Figure 28: Create Alternate Access Mapping (3)

Now the correct collection is shown and an alternate mapping can be added. Type in the external address to which users connect for the Sharepoint site; this value is also present on the ISA server. In the "Add Internal URL" list, select the Internet option. Click Save to continue.

Figure 29: Create Alternate Access Mapping (4)

Now you will see both URLs in the list: one for internal use, the other one for external use.

Figure 30: Create Alternate Access Mapping (5)
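As an added example, not part of the VASCO guide, the same mapping can be created and then listed from the SharePoint 2007 server's command line with stsadm.exe. The PowerShell wrapper below assumes the default MOSS 2007 installation path of stsadm.exe in the "12 hive" and uses the guide's lab URLs, with the external URL in the https form under which ISA publishes it in Figure 1.

```powershell
# Added command-line equivalent (not from the VASCO guide) of section 7.3.
# Assumes stsadm.exe in the default MOSS 2007 location; URLs are the guide's lab values.
$stsadm = Join-Path ${env:CommonProgramFiles} 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'
if (-not (Test-Path $stsadm)) { throw "stsadm.exe not found at $stsadm" }

$InternalUrl = 'https://sharepoint'                 # Default-zone URL of the web application (section 7.1)
$ExternalUrl = 'https://sharepoint.labs.vasco.com'  # URL published by ISA; must match the certificate name in 9.1.2

# Map the external name into the Internet zone of the same web application
# (the GUI equivalent is Add Internal URLs with the Internet option selected).
& $stsadm -o addalternatedomain -url $InternalUrl -incomingurl $ExternalUrl -urlzone Internet
if ($LASTEXITCODE -ne 0) { throw "addalternatedomain failed with exit code $LASTEXITCODE" }

# List all mappings of the web application; both URLs should appear, as in Figure 30.
& $stsadm -o enumalternatedomains -url $InternalUrl
```

The enumeration at the end is the check to keep: if the external URL is missing from the Internet zone, links generated by SharePoint will carry the internal name and break for users who arrive through ISA.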

8 Microsoft IIS Settings

8.1 SSL Server Certificate

Open the Internet Information Services (IIS) Manager administrative tool on the Sharepoint server. Right-click the web site under which your Sharepoint web application is published and click Properties.

Figure 31: SSL Server Certificate (1)

Go to the Directory Security tab and click the Server Certificate... button. This starts a wizard for creating a web server certificate.

Figure 32: SSL Server Certificate (2)

Click Next to continue.

Figure 33: SSL Server Certificate (3)

Select the Create a new certificate option and click Next.

Figure 34: SSL Server Certificate (4)

If you use a personal root CA, you can choose to request the certificate directly from your CA. If you want to make use of a commercial root CA, you can prepare the request and send it later.

The advice is to use an internal SSL certificate for the connection between the ISA server and the Sharepoint server (this wizard). For the connection from the client to the ISA server you may use an external/commercial SSL certificate if you find this more suitable. We will come back to this issue later on.

For our example we just use the "dc" computer as root CA for the whole setup.

Select Send the request immediately to an online certification authority and click Next.

Figure 35: SSL Server Certificate (5)

Give your certificate a meaningful Name and click Next to continue.

Figure 36: SSL Server Certificate (6)

Fill in your organization and organizational unit name. Click Next to advance.

Figure 37: SSL Server Certificate (7)

Next, fill in the name of the Sharepoint server. This has to be the name internal users use to connect to the Sharepoint portal.

Figure 38: SSL Server Certificate (8)

Select your country in the list, and fill in your state/province and city/locality. Click Next to continue.

Figure 39: SSL Server Certificate (9)

By default the SSL port is filled in with port 443. Unless you chose another port during the Web Application setup, leave it at the default value.

Figure 40: SSL Server Certificate (10)

If your CA is set up correctly, it will show up in the list. Select your CA and click Next. If the CA does not show up, go back and choose to prepare the request now and send it later.

Figure 41: SSL Server Certificate (11)

The next screen shows you an overview of the settings for this certificate; make sure everything is correct. Click Next to continue, or click Back to make changes.

Figure 42: SSL Server Certificate (12)

The certificate is now created; click Finish to close the wizard.

Figure 43: SSL Server Certificate (13)

We have now enabled our Sharepoint web application with an SSL certificate.

DIGIPASS Authentication for F5 FirePass - Integration Guideline V1.0
2010 VASCO Data Security. All rights reserved. Page 28 of 59

9 Microsoft ISA 2006 Settings

9.1 Certificate settings

9.1.1 Importing root certificate

When using a personal root CA to create an SSL certificate for the connection between the ISA server and the Sharepoint web site, we have to add the certificate publisher to the Trusted Root Certification Authorities of the local computer account. This is a list of all certificate publishers that are trusted by Microsoft. When we use a certificate that was created by a personal root CA, we have to add this CA to the trusted list.

When you have your personal root CA installed, you will find the root certificate on the designated server under the C:\ root. It is normally named like this:

C:\COMPUTERNAME.domain.extension_friendly-name.crt

In our example this would be:

C:\dc.labs.vasco.com_VASCO Labs CA.crt

Copy this file to the C:\ root of the ISA server.

Figure 44: Importing root certificate (1)

Open the Microsoft Management Console (MMC). Select Add/Remove Snap-in... from the File menu.

Figure 45: Importing root certificate (2)

Click the Add... button to select what kind of snap-in you would like to add.

Figure 46: Importing root certificate (3)

Select Certificates from the list and click Add.

Figure 47: Importing root certificate (4)

Select Computer account. Click Next to continue.

Figure 48: Importing root certificate (5)

Choose Local computer (the computer this console is running on). Click Finish to end the wizard.

Figure 49: Importing root certificate (6)

As you are able to add more snap-ins at the same time, click Close when the certificate wizard has finished.

In the local computer's certificates window, right-click Trusted Root Certification Authorities and select Import... from the All Tasks menu.

Figure 50: Importing root certificate (7)

Click Browse to select the root certificate you copied earlier to the C:\ root. Afterwards click Next to continue.

Figure 51: Importing root certificate (8)

Figure 52: Importing root certificate (9)

By default, the option Place all certificates in the following store is selected with the right certificate store. If not, select it and choose Trusted Root Certification Authorities.

Figure 53: Importing root certificate (10)

The next screen shows an overview of the actions. Review them and click Finish to import the certificate.

Figure 54: Importing root certificate (11)

You will receive a message stating that the import was successful. Click OK to finish.

Figure 55: Importing root certificate (12)

You will now find your own root CA in the list of trusted root certification authorities. You can leave this MMC console window open for later use.

9.1.2 Requesting Web Server certificate

What we did before was create an SSL certificate for the protection of the internal network. The next step is to secure the connection from the client. It would be an extreme task to make all your clients import your own root certificate in order to trust the SSL web certificate. For this purpose the trusted authorities list is already present in Windows, so you can just buy a commercial SSL certificate from a company on this list that is trusted by everyone who uses Windows.

Instead of using a commercial SSL certificate you can still use an SSL certificate from your personal root CA. This is easily done by using the Microsoft Certificate Services web site that is installed on your root CA.

Go to the address: http://rootCA_computername/certsrv

In our example this is: http://dc/certsrv

Figure 56: Requesting Web Server certificate (1)

Click the advanced certificate request link.

Figure 57: Requesting Web Server certificate (2)

Choose Create and submit a request to this CA.

Figure 58: Requesting Web Server certificate (3)


In the Certificate Template list, select Web Server. Fill in all fields of the Identifying Information For Offline Template block.

Note: the Name field becomes the subject common name of the certificate and has to be exactly the public URL host name external users type to reach the SharePoint portal (in this guide sharepoint.labs.vasco.com, see chapter 9.2), not the internal server name. Otherwise most browsers warn that the certificate name does not match the URL entered in the location field.

Figure 59: Requesting Web Server certificate (4)

Check Store certificate in the local computer certificate store and click Submit

to continue.

Figure 60: Requesting Web Server certificate (5)


Now you will be able to directly install the requested certificate by clicking the Install

this certificate link.

Figure 61: Requesting Web Server certificate (6)

You will receive a security notification warning that trusting certificates from unknown sources could be dangerous. The web site you submitted the request to is your own root CA, so it is safe to click Yes and continue; if the prompt names any other issuer, stop and check which CA you are connected to.

Figure 62: Requesting Web Server certificate (7)


The web site now tells you the certificate is successfully installed. You can now close

the browser window.

Figure 63: Requesting Web Server certificate (8)

In the certificates MMC window you can now find the newly created SSL certificate under the Personal folder of the local computer account.

Figure 64: Requesting Web Server certificate (9)
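A concrete check of the rule in the note above, as an added example that is not part of the VASCO guide: given a certificate in the dictionary shape Python's ssl.SSLSocket.getpeercert() returns, decide whether it covers the public name users type. The four certificates are constructed; sharepoint.labs.vasco.com and dc.labs.vasco.com are the example names used later in this guide. It goes beyond the note's case by also handling wildcard names and the rule that a subjectAltName extension overrides the subject common name, which is why a certificate whose CN looks right can still trigger the browser warning.

```python
"""Does the web server certificate cover the public name users type?
Added example, not from the guide; standard library only.  The certificates
below are constructed in the dictionary shape ssl.SSLSocket.getpeercert()
returns, so a real check can feed that call's result straight in."""

# Constructed: the certificate requested above with the public FQDN as Name.
PUBLIC_CERT = {
    "subject": ((("commonName", "sharepoint.labs.vasco.com"),),),
    "subjectAltName": (("DNS", "sharepoint.labs.vasco.com"),),
}
# Constructed: the same request made with the internal server name by mistake.
INTERNAL_NAME_CERT = {"subject": ((("commonName", "dc.labs.vasco.com"),),)}
# Constructed: a wildcard certificate covering one label under labs.vasco.com.
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.labs.vasco.com"),)}
# Constructed: CN looks right, but the SAN extension names a different host.
SAN_OVERRIDES_CN_CERT = {
    "subject": ((("commonName", "sharepoint.labs.vasco.com"),),),
    "subjectAltName": (("DNS", "dc.labs.vasco.com"),),
}


def names_from_cert(cert):
    """Host names the certificate is valid for (RFC 6125 section 6.4.4): when
    any dNSName SAN entry is present, the SAN list is authoritative and the
    subject CN is ignored; the CN is only a fallback for SAN-less certificates."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def name_matches(pattern, hostname):
    """Case-insensitive match with the wildcard rules browsers apply: '*' only
    as the entire leftmost label, matching exactly one label, and never for
    names with fewer than three labels (so '*.com' never matches)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_hostname(cert, hostname):
    """True when at least one name the certificate carries covers hostname."""
    return any(name_matches(name, hostname) for name in names_from_cert(cert))


def check(cert, hostname):
    """One-line verdict, as a browser would judge it."""
    names = names_from_cert(cert)
    if cert_matches_hostname(cert, hostname):
        return "ok: %s is covered by %s" % (hostname, names)
    return "mismatch: %s is not covered by %s (browsers will warn)" % (hostname, names)


if __name__ == "__main__":
    public_name = "sharepoint.labs.vasco.com"
    for label, cert in [("public", PUBLIC_CERT), ("internal-name", INTERNAL_NAME_CERT),
                        ("wildcard", WILDCARD_CERT), ("san-overrides-cn", SAN_OVERRIDES_CN_CERT)]:
        print(label.ljust(17), check(cert, public_name))
```

Run it as a script to see the four verdicts; in a live check, connect to the published listener with the ssl module and pass getpeercert() to check() together with the public name from chapter 9.2.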


9.2 Publishing Sharepoint

To publish a SharePoint web site through ISA, there is a wizard available on the ISA server. Open the ISA administration tool and click Firewall Policy in the left pane. Select Publish SharePoint Sites from the Tasks tab in the right pane.

Figure 65: Publishing Sharepoint (1)

Type in a meaningful name for this policy and click Next.

Figure 66: Publishing Sharepoint (2)


Choose to publish a single web site or load balancer if you have a single

Sharepoint server or only one load balancing address. Choose the other option if you

have more than one web site or multiple load balancing addresses. Click Next to

continue.

Figure 67: Publishing Sharepoint (4)

Choose to make use of SSL to connect to the Sharepoint web site and click Next.

Figure 68: Publishing Sharepoint (5)


For Internal site name, type the name of the internal SharePoint web site. Click Next.

Figure 69: Publishing Sharepoint (6)

ISA acts as a reverse proxy: every client connection to the published site terminates on the ISA server, which then opens its own connection to the internal SharePoint server. So that ISA knows which requests are meant for the SharePoint web site, the rule only accepts requests for This domain name (type below). As public name you specify the address the clients use to connect to the SharePoint web site.

Example:

clients type in their browser https://sharepoint.labs.vasco.com so our public name

would be: sharepoint.labs.vasco.com

Figure 70: Publishing Sharepoint (7)


You now create a listener, which binds the rule to a port. The ISA server listens like a regular web server on port 80 for HTTP or 443 for HTTPS (SSL), depending on what you select in the following steps. Be aware that a listener is separate from the publishing rule and can be used more than once: several ISA rules can share the same listener, with ISA telling them apart by the requested domain name (the public name chosen in the previous step).

The listener is created by a separate wizard. The publishing wizard continues once the listener has been created.

Click the New… button to create a new listener.

Figure 71: Publishing Sharepoint (8)

Fill in an appropriate name for the listener.

Figure 72: Publishing Sharepoint (9)


Here you can choose whether you want the listener to make use of HTTPS/SSL or

HTTP. We already created an SSL certificate so we will choose to require SSL

secured connections with clients.

Figure 73: Publishing Sharepoint (10)

We select to listen on all networks (External and Internal); this enables users to access SharePoint through ISA from the internal network as well.

Figure 74: Publishing Sharepoint (11)


The following three figures show how to bind the SSL certificate to the listener.

Select the Use a single certificate for this Web listener option.

Figure 75: Publishing Sharepoint (12)

Select the certificate in the list that was issued to the FQDN users have to type in.

Figure 76: Publishing Sharepoint (13)

The external name is shown in the text field. Click Next to continue.

Figure 77: Publishing Sharepoint (14)


Choose HTML Form Authentication as the way clients provide their credentials to the ISA server: ISA presents its own logon form, so the OTP is checked before any request reaches SharePoint. Select RADIUS OTP as the way the ISA server validates the credentials; ISA forwards them to the RADIUS server configured in chapter 9.3. Because ISA then only holds a one-time password, it cannot pass a password on to SharePoint, which is why the delegation method later in this wizard must be Kerberos constrained delegation.

Figure 78: Publishing Sharepoint (15)

If you want to publish more than one web site with the same listener (reused in other rules), you can enable the ISA Server SSO (Single Sign On) option for sites in the same domain. Do not confuse this with what this guide sets up: the single sign-on between the ISA Server, VACMAN Middleware and SharePoint works without it. The SSO option on the next screen only matters when more than one site is published (SharePoint plus a mail site, for example). With the SSO domain *.labs.vasco.com you could sign on once for both mail.labs.vasco.com and sharepoint.labs.vasco.com, provided both rules use the same listener in the ISA server configuration.

In our example we chose not to enable the ISA Server SSO option, as this setup does not need it.

Figure 79: Publishing Sharepoint (16)


The next screens show an overview of the listener settings. If all settings are as intended, click Finish to close the listener wizard, then click Next in the publishing wizard.

Figure 80: Publishing Sharepoint (17)

Figure 81: Publishing Sharepoint (18)

The listener is now configured, and the policy wizard will now continue automatically.

In the Authentication Delegation screen, select Kerberos constrained delegation as the method the ISA server uses to authenticate to the published web server, in other words the way the ISA server authenticates to the SharePoint web site on behalf of the user.

The Service Principal Name is the one set up in chapter 5.2 Constrained Delegation. It is written as service_name/FQDN_Sharepointserver and must match the SPN registered in Active Directory exactly, otherwise ISA cannot obtain a Kerberos service ticket for the user.

In our example this becomes: http/dc.labs.vasco.com

Figure 82: Publishing Sharepoint (19)


The next screen asks whether Alternate Access Mappings have already been set up (see chapter 6.3 Create Alternate Access Mappings). As we already did this, choose that option and click Next.

Figure 83: Publishing Sharepoint (20)

User Sets determines who may use this rule. As only authenticated users should be forwarded to the SharePoint web site, add All Authenticated Users. Click Next to continue.

Figure 84: Publishing Sharepoint (21)


What will follow is an overview of the policy settings. Check all entries and make sure

they are correct. You can still use the Back button to make changes. If all settings

seem to be correct, click the Finish button.

Figure 85: Publishing Sharepoint (22)

After clicking Finish, you will receive a notification message stating that for use of

Kerberos constrained delegation you must configure the Active Directory to allow

delegation. As we already did this, you can click OK.

Figure 86: Publishing Sharepoint (23)


9.3 RADIUS settings

To set up the authentication to VACMAN Middleware, we still have to configure the

RADIUS settings in the ISA server. You can do this by going to the properties of the

Policy you just created.

Figure 87: RADIUS settings (1)

Then go to the Listener tab, and click the Properties… button.

Figure 88: RADIUS settings (2)


Go to the Authentication tab, and click on the Configure Validation Servers…

button.

Figure 89: RADIUS settings (3)

On the RADIUS Servers tab, click on the Add… button to add a new RADIUS server.

In the new window provide the details of the VACMAN Middleware (IDENTIKEY) server. Server name is where the server runs, given as a hostname or an IP address; the description is optional. Use the Change… button to enter the shared secret and make sure the Authentication port is the same as configured in VACMAN Middleware. The shared secret must be identical on both sides (it is entered again on the IDENTIKEY side in chapter 10.2). Since RADIUS only obfuscates the User-Password attribute with MD5 keyed by this secret, use a long random value rather than a short word, and keep the ISA-to-IDENTIKEY traffic on a trusted network segment.

Figure 90: RADIUS settings (4)

Figure 91: RADIUS settings (5)


Still in the Listener properties (Figure 89), click the Advanced… button. Make sure to

select the option Require all users to authenticate. Click OK until you get back to

the main window.

Figure 92: RADIUS settings (6)

To save all changes, click the Apply button on top of the center window. This will write

all your changes and make them active on the current setup.

Figure 93: RADIUS settings (7)


You will receive a notification message stating that the changes to the configuration

were successfully applied.

Figure 94: RADIUS settings (8)

The configuration of the ISA server and of Active Directory is completed. The only thing still to configure is the VACMAN Middleware (IDENTIKEY Server).


10 IDENTIKEY Server

Go to the IDENTIKEY Server web administration page, and authenticate with an administrative account.

10.1 Policy configuration

To add a new policy, select Policies > Create.

Figure 95: Policy configuration (1)

There are some policies available by default. You can also create new policies to suit

your needs. Those can be independent policies or inherit their settings from default or

other policies.


Fill in a policy ID and description, choosing the options that suit your situation. If the policy should inherit settings from another policy, pick that policy in the Inherits From list; otherwise leave this field at None.

Figure 96: Policy configuration (2)

In the policy options, configure the back-end server the policy uses. This can be the local database, Active Directory (Windows) or another RADIUS server, and is normally the same back-end that was in your default client authentication options before you changed it.

In our example we select our newly made Demo Policy and change it like this:

Local auth.: Digipass/Password

Back-End Auth.: Default (None)

Back-End Protocol: Default (None)

Dynamic User Registration: Default (No)

Password Autolearn: Default (No)

Stored Password Proxy: Default (No)

Windows Group Check: Default (No Check)

With this policy, authentication happens locally in the IDENTIKEY Server: the user credentials (user name and OTP) are passed through by the ISA server in a RADIUS Access-Request, the IDENTIKEY Server checks them against its local user database and answers the client with an Access-Accept or Access-Reject message.


In the Policy tab, click the Edit button, and change the Local Authentication to

Digipass/Password.

Figure 97: Policy configuration (3)

The user details can keep their default settings.

Figure 98: Policy configuration (4)


10.2 Client configuration

Now create a new component by right-clicking the Components and choose New

Component.

Figure 99: Client configuration (1)


As component type choose RADIUS Client. The location is the IP address of the client, i.e. the ISA server. In the policy field select your newly created policy. Fill in the same shared secret you entered in the client's RADIUS options (chapter 9.3); in our example this was "vasco", a value only acceptable in a lab. Click Create.

Figure 100: Client configuration (2)

Now the client and the IDENTIKEY Server are set up. We will now see if the

configuration is working.
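The RADIUS exchange behind chapters 9.3, 10.1 and 10.2, as an added example that is not VASCO or Microsoft code: the client side plays the role of the ISA server, the server side the role of the IDENTIKEY Server with local authentication. It uses only the Python standard library and assumes the RFC 2865 User-Password attribute, which is how a one-time password is normally carried; the user database, OTP values, identifier and the shared secrets are constructed, and a real IDENTIKEY Server runs the DIGIPASS algorithm instead of a table lookup. It shows why the shared secret must match on both sides: without it the server cannot recover the OTP from the request, and the client cannot verify the Response Authenticator of the reply.

```python
"""RFC 2865 Access-Request / Access-Accept exchange between a RADIUS client
(the role ISA plays) and a RADIUS server (the role IDENTIKEY Server plays).
Added example; not VASCO or Microsoft code.  Standard library only."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

# Constructed stand-in for the IDENTIKEY local user database: user -> OTP the
# assigned DIGIPASS would currently produce (a real server runs the DIGIPASS
# algorithm instead of looking the value up).
VALID_OTPS = {"jdoe": "493027"}


def _pack_attrs(pairs):
    """Encode (type, value) pairs as RADIUS type-length-value attributes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)


def _parse_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs


def _hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous block); the first block uses the Request Authenticator."""
    width = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(width, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, width, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def _reveal_password(hidden, secret, request_auth):
    """Inverse of _hide_password; with the wrong secret this yields garbage."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident, username, otp, secret):
    """Client side (ISA): Access-Request carrying User-Name and the hidden OTP."""
    request_auth = os.urandom(16)  # fresh random Request Authenticator per request
    attrs = _pack_attrs([(ATTR_USER_NAME, username.encode()),
                         (ATTR_USER_PASSWORD, _hide_password(otp.encode(), secret, request_auth))])
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def server_handle(packet, secret, otp_db=VALID_OTPS):
    """Server side (IDENTIKEY, local authentication): answer Accept or Reject.
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = _parse_attrs(packet[20:length])
    username = attrs[ATTR_USER_NAME].decode(errors="replace")
    otp = _reveal_password(attrs[ATTR_USER_PASSWORD], secret, request_auth).decode(errors="replace")
    verdict = ACCESS_ACCEPT if otp_db.get(username) == otp else ACCESS_REJECT
    header = struct.pack("!BBH", verdict, ident, 20)  # no attributes in the reply
    response_auth = hashlib.md5(header + request_auth + secret).digest()
    return header + response_auth


def client_check_response(response, request, secret):
    """Client side: only trust a reply whose Response Authenticator verifies
    under our secret and whose identifier matches the outstanding request."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:length] + secret).digest()
    if ident != request[1] or not hmac.compare_digest(response[4:20], expected):
        return "invalid"  # shared-secret mismatch, or a forged/replayed reply
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "unknown")


def exchange(username, otp, client_secret, server_secret, ident=7):
    """Run one full round trip and return the client's verdict."""
    request = build_access_request(ident, username, otp, client_secret)
    response = server_handle(request, server_secret)
    return client_check_response(response, request, client_secret)


if __name__ == "__main__":
    print("good OTP, secrets match :", exchange("jdoe", "493027", b"vasco", b"vasco"))
    print("bad OTP, secrets match  :", exchange("jdoe", "000000", b"vasco", b"vasco"))
    print("good OTP, secrets differ:", exchange("jdoe", "493027", b"vasco", b"typo"))
```

The third case is what a mistyped shared secret looks like in practice: the server sees a garbled OTP and rejects, and the client discards the reply because its authenticator does not verify, so the user only ever sees a failed logon with no hint that the secret, not the OTP, is wrong.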


11 Test Sharepoint logon

Point your browser from an external client to the external address of the SharePoint portal, in our example https://sharepoint.labs.vasco.com, and fill in a username and a One Time Password (OTP).

Note: the username you log in with must be known in VACMAN Middleware (IDENTIKEY Server) and have a DIGIPASS assigned to it, unless Dynamic User Registration (DUR) is enabled; the Demo Policy above leaves DUR at No. Other self-registration methods are described in the VACMAN Middleware Administration Guide.

Figure 101: Test Sharepoint logon (1)

If everything goes well, you should see the Sharepoint team page, secured through

the ISA server and VACMAN Middleware.

Figure 102: Test Sharepoint logon (2)


12 About VASCO Data Security

VASCO designs, develops, markets and supports patented Strong User Authentication products for e-Business and e-Commerce.

VASCO’s User Authentication software is carried by the end user on its DIGIPASS products, which are small “calculator” hardware devices, or in a software format on mobile phones, other portable devices and PCs.

At the server side, VASCO’s VACMAN products guarantee that only the designated

DIGIPASS user gets access to the application.

VASCO’s target markets are the applications, and their several hundred million users, that rely on fixed passwords for security.

VASCO’s time-based system generates a “one-time” password that changes with every

use, and is virtually impossible to hack or break.

VASCO designs, develops, markets and supports patented user authentication

products for the financial world, remote access, e-business and e-commerce. VASCO’s

user authentication software is delivered via its DIGIPASS hardware and software

security products. With over 25 million DIGIPASS products sold and delivered, VASCO

has established itself as a world-leader for strong User Authentication with over 500

international financial institutions and almost 3000 blue-chip corporations and

governments located in more than 100 countries.

