Test scenario: Local authentication

This scenario covers authentication handled by OneSpan Authentication Server without back-end authentication enabled. The following login methods will be covered:

  • Using static password. Does not require an authenticator.
  • Using Response-Only. Requires an authenticator with a Response-Only application.
  • Using Challenge/Response. Requires an authenticator with a Challenge/Response application.

Static password

To test local authentication with static password

  1. Make the following changes to the test policy (see Modifying the test policy):

    • Policy > Local Authentication: DIGIPASS/Password during Grace Period
    • Policy > Back-End Authentication: None
    • User > Password Auto-learn: Yes
  2. Verify that the grace period of the authenticator used for testing is set to a time in the future. If it is not, the static password logon will fail.
  3. Run a test logon using RADIUS Client Simulator (see Testing a logon with RADIUS Client Simulator), using the user ID and stored static password.

Response-only

To test local authentication with Response-Only

  1. Make the following changes to the test policy (see Modifying the test policy):

    • Policy > Local Authentication: DIGIPASS/Password during Grace Period
    • Policy > Back-End Authentication: None
    • DIGIPASS > Application Type: Response Only
  2. Run a test logon using RADIUS Client Simulator (see Testing a logon with RADIUS Client Simulator), using the user ID and the OTP generated by your authenticator.

Challenge/response

To test local authentication with Challenge/Response

  1. Make the following changes to the test policy (see Modifying the test policy):

    • Policy > Local Authentication: DIGIPASS/Password during Grace Period
    • Policy > Back-End Authentication: None
    • DIGIPASS > Application Type: Challenge/Response
    • Challenge > 2-Step Challenge/Response > Request Method: Keyword
    • Challenge > 2-Step Challenge/Response > Request Keyword: 2StepCR
  2. Run a test logon using RADIUS Client Simulator (see Testing a logon with RADIUS Client Simulator):

    1. Enter the user ID and the keyword (2StepCR) in RADIUS Client Simulator (RADSIM).
    2. Enter the challenge provided by the RADIUS Client Simulator into your authenticator.
    3. Enter the same user ID and the response provided by your authenticator in RADIUS Client Simulator.
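
The 2-step Challenge/Response logon above, shown at the RADIUS packet level as an added example (not OneSpan code and not RADSIM output). It assumes the keyword travels in User-Password and that the server answers with a standard RFC 2865 Access-Challenge carrying Reply-Message and State. The user name, shared secret, challenge, response and State values are constructed, and the server reply is simulated locally so the script runs offline.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11                        # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24   # attribute types

def attr(t, v):
    return bytes([t, len(v) + 2]) + v

def hide_password(pw, secret, req_auth):  # RFC 2865 section 5.2
    pw = pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(pw), 16):  # XOR each block with MD5(secret + previous block)
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def access_request(ident, user, pw, secret, state=None):
    req_auth = os.urandom(16)
    body = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(pw, secret, req_auth))
    body += attr(STATE, state) if state is not None else b""  # echoed in the second request only
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body, req_auth

def parse(packet):  # returns (code, {attribute type: value})
    code, _, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS length")
    attrs, i = {}, 20
    while i < length:
        n = packet[i + 1] if i + 2 <= length else 0
        if n < 2 or i + n > length:
            raise ValueError("bad attribute length")
        attrs[packet[i]] = packet[i + 2:i + n]
        i += n
    return code, attrs

def reply_is_authentic(reply, req_auth, secret):  # RFC 2865 section 3, Response Authenticator
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def constructed_challenge(ident, req_auth, secret, challenge, state):  # simulated server reply
    body = attr(REPLY_MESSAGE, challenge) + attr(STATE, state)
    hdr = struct.pack("!BBH", ACCESS_CHALLENGE, ident, 20 + len(body))
    return hdr + hashlib.md5(hdr + req_auth + body + secret).digest() + body

def two_step_logon(secret=b"constructed-secret"):  # all values below are constructed
    _, auth1 = access_request(1, b"testuser", b"2StepCR", secret)  # first request: keyword
    chal = constructed_challenge(1, auth1, secret, b"Challenge: 4711", b"sess-01")
    code, attrs = parse(chal)
    req2, _ = access_request(2, b"testuser", b"123456", secret, attrs[STATE])  # second: response
    return reply_is_authentic(chal, auth1, secret), code, attrs[REPLY_MESSAGE], parse(req2)[1][STATE]
```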