Fast reconnect
Wireless sessions may be renewed at regular intervals by using fast reconnect.
When a one-time password (OTP) authentication is performed, a session ID is assigned to the wireless connection. Fast reconnect uses that session ID to automatically re-authenticate the wireless connection rather than requiring user ID and OTP input from the user.
Figure: Fast reconnect (Overview)
Fast reconnect authentication process
During a fast reconnect operation, the authentication process proceeds as follows:
- OneSpan Authentication Server identifies the client component. To allow fast reconnect, a record for the wireless access point that makes the fast reconnect request must exist in the data store.
- OneSpan Authentication Server retrieves the policy to use from the component record.
-
OneSpan Authentication Server performs the following checks:
- Windows username/domain resolution (if used)
- Windows group check
- Verify whether the user has a user account
- Verify whether the user account is disabled or locked
- (OPTIONAL) If back-end authentication and stored password proxy are enabled, OneSpan Authentication Server verifies the stored static password with another system (e.g. Windows or RADIUS).
- The authentication result is audited and returned.
Roaming connections
Users are considered to be roaming if all of the following applies:
- Multiple wireless access points are available.
- The user may connect to more than one wireless access point.
- The user will be moving from the range of one wireless access point to another.
A change from one wireless access point to the next can be made without inconvenience to the user if fast reconnect can be used between the access points.
Roaming connections are not supported over multiple OneSpan Authentication Server instances.
Fast reconnect will only work for roaming wireless connections if the following applies:
- All wireless access points are sending authentication requests to the same OneSpan Authentication Server instance.
- All component records for the wireless access points are using the same policy.
- All wireless access points are configured to use the same SSID.
Figure: Roaming wireless fast reconnection