Identifying the client component record

OneSpan Authentication Server identifies a component requesting authentication by using the following:

• Component type. This is either a name provided by the SOAP application, or a fixed name such as RADIUS Client, Citrix Web Interface, Outlook Web Access, or Administration Program.
• Location. The source IP address of the request.

A client component with an IP address range (IPv4 CIDR notation) as component location will be used to handle requests from any client within that IP address range. If two (or more) matching client components with overlapping IP address ranges are found, the client component with the smaller IP address range (more specific) takes precedence and will be used to serve the request.

The processes of looking up and verifying a client component varies according to the component type (see RADIUS client component check and Digipass Authentication Module client component check).

RADIUS client component check

For a RADIUS client, the following component checks are made:

Component record exists

Shared secret is set

The component record must have a shared secret value set. If not, the request is discarded without a response.

Digipass Authentication Module client component check

Component record exists