Identifying the client component record
OneSpan Authentication Server identifies a component requesting authentication by using the following:
- Component type. This is either a name provided by the SOAP application, or a fixed name such as RADIUS Client, Citrix Web Interface, Outlook Web Access, or Administration Program.
- Location. The source IP address of the request.
A client component with an IP address range (IPv4 CIDR notation) as component location will be used to handle requests from any client within that IP address range. If two (or more) matching client components with overlapping IP address ranges are found, the client component with the smaller IP address range (more specific) takes precedence and will be used to serve the request.
The processes of looking up and verifying a client component varies according to the component type (see RADIUS client component check and Digipass Authentication Module client component check).
RADIUS client component check
For a RADIUS client, the following component checks are made:
Component record exists
OneSpan Authentication Server verifies whether a client component record exists for the RADIUS client. If not, the request is discarded without a response.
The client component record requires the following settings:
- Type: RADIUS Client
-
Location: The source IP address of the request OR default if there is no RADIUS client at the specified location.
Any RADIUS client without an explicit component record will be handled using the default RADIUS client component if one exists.
Shared secret is set
The component record must have a shared secret value set. If not, the request is discarded without a response.
Digipass Authentication Module client component check
Component record exists
OneSpan Authentication Server verifies whether a client component record exists for the Digipass Authentication Module client. If not, the request is discarded without a response.
The client component record requires the following settings:
- Type: One of the Digipass Authentication Module client component types.
- Location: The source IP address of the request.