Configuring OneSpan Authentication Server for Thales ProtectServer HSM

If you are setting up OneSpan Authentication Server to work with a Thales ProtectServer HSM, install the following ProtectToolkit utilities on the OneSpan Authentication Server host before you install OneSpan Authentication Server:

  • Network or PCI Access Provider
  • ProtectToolkit C Runtime Library

Before installing OneSpan Authentication Server, ensure that your license allows hardware security module server functionality.

Perform an advanced installation. During the configuration process (via the Configuration Wizard), you will be asked to configure OneSpan Authentication Server for HSM.

To configure OneSpan Authentication Server for Thales ProtectServer HSMs

  1. In the Hardware Security Module page of the OneSpan Authentication Server Configuration Wizard, select Use the available hardware security module(s).
  2. Navigate to the HSM connection library file. For Linux installations, this file will typically be named libcryptoki.so; the location will be provided by default.
  3. Type the name of the storage key created earlier, and the slot ID in which it was created (see Creating a storage data key (Thales ProtectServer)).

    If the key was set as private, type the token label and PIN.

  4. Type the name of the sensitive data key created earlier (see Creating a sensitive data key (Thales ProtectServer)).

    If the key was set as private, type the token label and PIN.

  5. Continue with the OneSpan Authentication Server configuration process.

For more information about the configuration process for advanced installations, see Configuring OneSpan Authentication Server (advanced installation).