User attributes

User attributes are used by OneSpan Authentication Server to return specific information to a client component. There are two types of user attributes available in OneSpan Authentication Server:

  • RADIUS attributes can be returned when handling authentication requests from a RADIUS client.
  • Custom user attributes can be returned to Digipass Authentication Module clients and custom Web applications.

User attributes may be set for each authenticator user individually or to a group of authenticator users. For more information about adding user attributes to one or more user accounts, refer to the Administration Web Interface Help.

RADIUS attribute settings

RADIUS reply attributes can be returned with an Access-Accept packet when handling authentication requests from a RADIUS client. The attributes may include authentication parameters or authorization settings.

RADIUS attributes (Overview)

Figure: RADIUS attributes (Overview)

Acceptable RADIUS attribute names that can be used with OneSpan Authentication Server are defined in a RADIUS dictionary file (text file). The default dictionary file provided with OneSpan Authentication Server is located in %PROGRAMFILES%\VASCO\IDENTIKEY Authentication Server\bin\radius.dct (Windows) or /etc/vasco/ias/radius.dct (Linux), respectively. You can edit or replace the dictionary file to allow more or less RADIUS attributes to be used if required.

You can upload a custom RADIUS dictionary file via the Configuration Utility. For more information, refer to the OneSpan Authentication Server Administrator Guide.

Attribute group

For RADIUS attributes, one or more attribute groups are specified in the policy used for the specific client component. When multiple client components require RADIUS reply attributes, the specified attribute group ensures that only attributes required by the specific RADIUS client are sent.

Name

The name of the RADIUS attribute. This must conform to a RADIUS attribute name specified in the RADIUS dictionary in use. If an attribute is returned multiple times within one transaction with different values, it needs to be added to the attribute group the required number of times.

Value

The required value of the RADIUS attribute.

Custom user attribute settings

Custom attributes can be used with OneSpan plug-ins and Digipass Authentication Module clients.

Custom user attributes (Overview)

Figure: Custom user attributes (Overview)

Attribute group

An attribute group is specified by the client component as a parameter in the authentication request. When multiple client components are using custom user attributes, the specified attribute group ensures that only attributes required by the specific client are returned.

Name

A name for the attribute as expected by the client component.

Usage

  • Basic. Indicates that the attribute is used by Digipass Authentication for IIS Basic for basic authentication.
  • Return. Indicates a return attribute used by Digipass Authentication for Steel-Belted RADIUS Server.
  • Check. Indicates a check attribute used by Digipass Authentication for Steel-Belted RADIUS Server.

Value

The required value of the named attribute.