Test scenario: RADIUS back-end authentication

This scenario covers authentication handled by OneSpan Authentication Server using a RADIUS server for back-end authentication.

Local and RADIUS back-end authentication

Local and back-end authentication means that both OneSpan Authentication Server and the RADIUS server will authenticate a login. This allows RADIUS reply attributes to be retrieved from the RADIUS server.

In this scenario, Password Autolearn and Stored Password Proxy are used. With these features enabled, OneSpan Authentication Server will learn the user's RADIUS server password, so that the user does not need to log in with both the password and one-time password (OTP) at each logon. However, the first time that users log on, they will need to provide their RADIUS server password so that OneSpan Authentication Server can learn it. In subsequent logins, they can just log in with their OTP, and OneSpan Authentication Server will send the stored password to the RADIUS server.

To test local and RADIUS back-end authentication with Response-Only

  1. Make the following changes to the test policy (see Modifying the test policy):

    • Policy > Local Authentication: DIGIPASS/Password during Grace Period
    • Policy > Back-End Authentication: Always
    • Policy > Back-End Protocol: RADIUS
    • Password Auto-learn: Yes
    • Stored Password Proxy: Yes

  2. Run a test logon using RADIUS Client Simulator (see Testing a logon with RADIUS Client Simulator):

    1. Enter the user ID for the user account you are using for test logons in the User ID box.
    2. Enter the user account's RADIUS server password followed by an OTP generated by the authenticator in the Password box. Do not type any spaces between the password and the OTP.

    3. Click Login.

      The Status information field will indicate the success or failure of your logon. Below that you should see the RADIUS reply attributes from the RADIUS server.

    4. Enter a new OTP generated by the authenticator into the Password field, without the RADIUS server password.

    5. Click Login.

      The Status information field will indicate the success or failure of your logon. Below that you should see the RADIUS reply attributes from the RADIUS server.