DIGIPASS Authentication for OWA Forms
Contents
1. Folders and Files 32 bit 64 bit Description vdsnetwork dll X X vdsprocess dll X X vdsseal dll X X Config sxml Configuration file of the DIGIPASS Authentication Plug In Configuration X X Center and the configuration wizard NOTE Do not edit this file Settings xml X X Configuration file containing settings for servers and connections tracing and authentication This file is written to by the DIGIPASS Authentication Plug In Configuration Center and the configuration wizard For information about how to work with the file refer to Section 4 2 Editing the Configuration File lt PROGRAMS FOLDER gt VASCO DIGIPASS Authentication for OWA Forms 1033 String xml X X Resource files Config xrs X X DIGIPASSPlugin ConfigWizard xrs X X GUIFX xrs X X PPDIGIPASSPlugin_Common xrs X X PPDIGIPASSPlugin IIS FormsBased xrs X X StdGUI xrs X X PROGRAMS FOLDER gt VASCO DIGIPASS Authentication for OWA Forms Documentation 1 033 DIGIPASS Authentication for OWA Forms X X Product documentation and license Manual pdf agreement DIGIPASS Authentication for OWA Forms X X Release Notes pdf License pdf X X PROGRAMS FOLDER WASCOVDIGIPASS Authentication for OWA Forms Templates Common Challenge template html X X Common templates PROGRAMS FOLDER WASCOVDIGIPASS Authentication for OWA Forms Templates OWAF 2007 logon aspx X X Templates for OWA 2007 Readme txt X X PROGRAMS F2. eeeen mee 29 4 1 1 Starting DIGIPASS Authentication Plug In Configuration Center 29 4 1 2 Configuring Servers and Connections nennen nnne 30 4 1 3 Configuring Authentication Settings kenstri rt orc eet vn t race v e e etna es 33 4 1 4 ill NN N cT TT Tn n gg ert io n ern ere s 37 4 2 Editing the Configuration File L kk kk kk kk kk a kaka kk KA nnn 39 4 2 1 Example Config ratdonFIles scc n ct e Pc ek era Ee i e Pe a e e e B na a dan 39 4 2 2 Configuration Setting S __55aan222222xEbTRTmobmm nNzNp wxpxpa aaImrm 41 AD 20 Servers anig COTInectioris cocer ee eere aya tinted ep a e et e era teda 41 4222 MACs rodent ete dehet eid debe Dado e dde edet dead duda 43 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 3 DIGIPASS Authentication for OWA Forms User Manual Table of Contents 42 2 9 Forms Daseu althientiGatiori i as co dete lk 1ala kin za etie etie dece reed e red eve caede duced 43 4 3 Configuring Exchange to Work with the DIGIPASS Authentication Plug ln 47 4 3 1 Configuring Exchange 2007 ssssseeeeeennreenr nnne rennen rennen rennen n 47 4 3 2 Configuring Exchange 2010 cccccccccsscsecsscsscsscsecsescsscsecseesasersvsecseeascsssssesesascsssstesesascssssteseseassstsstessseatens 48 4 4 Configuring the Authentication Server
3. 54 policy one step challenge response 56 policy two step challenge response 56 policy Virtual DIGIPASS sss 56 SEAL DOR Del rr HH HH r esL DOR DA 25 Windows user accounts configuring 52 Windows user name resolution 52 B basic authentication CXDIAN AU OTI sco DD DD 13 C character set language G ES nananana 44 client record explanation sse 13 ewili NN SS YY DD rm e 39 configuration settings 41 configuration settings servers and connections 41 configuration settings tracing 43 language codes 44 r vision RUT DO cetera eret eterne 39 Sample file i s mm mm iac kde 39 servers and connections nente 41 LLE On MM HNH HHH NMNMNMDMNNuIN 43 Configuration WIZANG i i i yiya aliya kutana laie lal tein s 24 Cent TECO O a irridet c eR ice bete f ce 26 IP address of authentication server 25 IP address of the local machine 25 license Key ML 26 SEAL port of authentication server 25 Index D DIGIPASS Authentication Plug In configuring using Configuration Center 29 configuring using configuration wizard
4. 24 explanatio ccu erect dete deett deese tbe vetet tecto 13 installation problems ee e 65 aT 12 DIGIPASS Authentication Plug In 12 DIGIPASS Authentication Plug In Configuration Center 29 character encodirg s crate 34 client type nnne 34 configuring authentication settings 33 Configuring TAGING cce terria 37 enabling DIGIPASS authentication 33 enabling load sharing nne 31 enabling one step challenge response 35 enabling two step challenge response 35 secure connection settings see 32 Server SEMIS s c sos aser e DD n OPERAR ORE 31 specifying connection settings sse 32 specifying login settings sss 34 specifying settings for failed login 35 specifying Web site settings 34 SIEUT PDK Dr E gg 29 testing the connection snn 32 DIGIPASS Authentication Plug In Configuration Center Configuration configuring servers and connectione 30 displaying login failure reason eennnn 61 configuring the login page en 61 logon dSpX iie riot pr poter Re Dope pipes 61 document conventions ss 9 dynami
5. 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 72 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting See the authentication server s Administrator Reference or Administrator Guide for more information 6 2 5 Web Browser If you experience login problems that occur in Windows Internet Explorer only i e login is possible in other Web browsers you may need to delete the IE browser history the corresponding cookies and temporary files 6 2 6 Licensing Check that the DIGIPASS Authentication Plug In has a valid client record in the authentication server data store which has a valid license loaded Make sure the configured local IP address and component type correspond to the client record See the Licensing section of the authentication server s Administrator Reference or Administrator Guide for more information on licensing options 6 2 7 SSL If the DIGIPASS Authentication Plug In is configured to use a custom certificate archive permission issues may cause a communication error with an IDENTIKEY Server Check that the IUSR account and IIS IUSRS group have read permission on the configured file 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited T3 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting 6 3 Repairing the Installation The installation of the D
6. Query string parameter needed in the URL FormsBasedAuthentication gt SiteList gt Site0 gt FailedLoginPage gt BaseURL URL to use after a failed login attempt The default value is owa auth logon aspx replaceCurrent 1 amp amp reason 2 FormsBasedAuthentication gt SiteList gt Site0 gt FailedLoginPage gt ReturnErrorReasonEnabled Enable disable returning the error reason after a failed login attempt The default value is TRUE FormsBasedAuthentication gt SiteList gt Site0 gt FailedLoginPage gt SessionVariableList gt SessionVariable0 gt Name Session variables for the failed login page The Session Variables list contains query string parameters from the login submit request which should be included in the failed login URL such as session identifiers FormsBasedAuthentication gt SiteList gt Site0 gt OneStepChallengeResponsePage gt BaseURL URL to use in making a one step challenge response login request The default value is owa auth logon aspx 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 45 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms FormsBasedAuthentication gt SiteList gt Site0 gt OneStepChallengeResponsePage gt Enabled
7. Enable disable one step challenge response logins The default value is FALSE FormsBasedAuthentication gt SiteList gt Site0 gt OneStepChallengeResponsePage gt QueryStringParameterList gt QueryStringParameter0 gt NameValuePair Query string parameter needed in the URL FormsBasedAuthentication gt SiteList gt Site0 gt OneStepChallengeResponsePage gt QueryStringParameterList gt QueryStringParameter1 gt NameValuePair Query string parameter needed in the URL The default value is replaceCurrent 1 FormsBasedAuthentication gt SiteList gt Site0 gt TwoStepChallengeResponsePage gt TemplateFilename Location and file name of the template to use in creating a two step challenge response page The default value is INSTALLATION DIRECTORY gt Templates Common Challenge_template html FormsBasedAuthentication gt SiteList gt Site0 gt TwoStepChallengeResponsePage gt FormMethod HTML form method to use in submitting a two step challenge response login request Possible values are GET or POST The default value is POST 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 46 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 3 Configuring Exchange to Work with the D
8. Figure 2 Standard Server Connection Configuration This setup uses one main authentication server to handle requests from the Web server with a backup authentication server for use when the main server is busy or unavailable 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 16 DIGIPASS Authentication for OWA Forms User Manual DIGIPASS Authentication for OWA Forms Overview 20 Tracing The DIGIPASS Authentication Plug In allows use of a trace file to record plug in activity e g for troubleshooting This will include errors that have been encountered warnings and general information about performed authentication requests The level of tracing that the DIGIPASS Authentication Plug In employs depends on its configuration settings CAUTION Enabling full tracing should only be done for troubleshooting purposes There are no limits set on the size of the tracing file so if the option is left on too long on a high load system the file may dramatically slow down or crash Windows due to excessive 1 0 or filling up the hard drive Because there are no size limitations set on the trace file it is not recommended that you have tracing permanently enabled If your system is set up with tracing always enabled ensure that the file size does not cause problems by deleting or archiving it whenever it gets too large Basic tracing includes e Error messages e Warnings
9. e High level information about plug in activity Full tracing includes e Error messages e Warnings e High level information about plug in activity e Detailed information about plug in activity NOTE The DIGIPASS Authentication Plug In will require permissions for the directory in which the tracing file is kept See Section 6 1 2 Checking Permissions for more information 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 17 DIGIPASS Authentication for OWA Forms User Manual Installing DIGIPASS Authentication for OWA Forms 3 Installing DIGIPASS Authentication for OWA Forms This chapter contains instructions to install DIGIPASS Authentication for OWA Forms It lists system and other requirements as well as pre installation settings and tasks Be sure to check that all system requirements and pre installation tasks have been met before installing the DIGIPASS Authentication Plug In This will help ensure a smooth trouble free installation and integration process This chapter covers the following topics e System Requirements e Pre Installation Tasks e Installing DIGIPASS Authentication for OWA Forms e Using the DIGIPASS Authentication for OWA Forms Configuration Wizard 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 18 DIGIPASS Authentication for OWA Forms User Manual
10. DIGIPASS authentication DIGIPASS Authentication for OWA Forms User Manual DIGIPASS Authentication for OWA Forms User Manual Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an as is basis without any other warranties or conditions express or implied including but not limited to warranties of merchantable quality merchantability of fitness for a particular purpose or those arising by law statute usage of trade or course of dealing The entire risk as to the results and performance of the product is assumed by you Neither we nor our dealers or suppliers shall have any liability to you or any other person or entity for any indirect incidental special or consequential damages whatsoever including but not limited to loss of revenue or profit lost or damaged data of other commercial or economic loss even if we have been advised of the possibility of such damages or they are foreseeable or for claims by a third party Our maximum aggregate liability to you and that of our dealers and suppliers shall not exceed the amount paid by you for the Product The limitations in this section shall apply whether or not the alleged breach or default is a breach of a fundamental condition or term or a fundamental breach Some states countries do not allow the exclusion or limitation or liability for consequential or incidental damages so the above limitation may not apply to you Copyright 2
11. sssseennmennnnmemn nnnm 52 4 4 1 elzapccuoRRRRRRRRRRRRREREEEEMMMMMMMMEMMMMEMMMMMMMMEMMEMMMMMMEMMMMMMMMMMMMNMMIMM 52 4 4 2 Configuring for Windows User Accounts sssseee ener eres 52 4 4 2 1 Windows user name resolution nennen ennemis 52 AB IP MM EE OST RD MM 53 4 4 2 3 Default domain nennen nnn a a e e r m 53 4 4 3 WI ND Dee ctore noe UEM eee rae MI eer eee teres 53 4 4 3 1 DIGIPASS users log in with OTP only Windows user accounts 54 4 4 3 2 DIGIPASS users log in with password and OTP Windows user accounts sssennns 54 44 3 3 Local authentication Only 3 saw teen totu a rut eoe veruni Fuere ee nie hts REAREA RARAN 4 dedil 55 44 3 4 One step challenge reSponse u tt rr e rere Pe P RE RR b ha eR aan 56 4435 Iwo sstep challenge TesporiSB ics t perte rb k ku Ka hi keki Ka ha ap Para aza besi priua e td renard papa 56 4 4 3 0 MiftualDIGIPASS ccce rnt rr mt eter rte mm 56 5 Po t InStallatlon FaSKS si iyya al ke kana iPad na DOTEM 57 5 1 Setting Up the Response Only Login Page cccccssssscccsssseeceesssseeecssseeeeeessseeeeeesseeeeeessseeeeessssesesesseas 58 5 2 Setting Up the One Step Challenge Response Login 59 5 2 1 Configuring the Authentication Server ssssseenenen nnn rennen 59 5 2 2 Configuring the DIGIPASS Authentication Plug In seee nnn 59 5 2 3 Configuring the Login Pa
12. 2 3 Intormatien from Traca FIG usos eec eet eee cr et ente i er e rte a he E ee a be 72 6 2 4 Authentication Seres vie ecce rtr meni eei aa xan Tercero ta E y e nen 72 6 2 5 Web BrOWSeTF essssssseennmenenememen ener nDnHnHnEnNR EE NHNnEHEHnHnHJDDJDDMDHDDDJBH e EMO VNENAN 73 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 4 DIGIPASS Authentication for OWA Forms User Manual Table of Contents 6 2 6 LENE GUD SHAG xor eio eee rer eR Vc FER CE Y EE EE ER anc ven Ee EET unde eer E FEY ER ee EE Ter beta V EP E re 73 6 2 7 SO ete 73 6 3 Repainng the Installation istics iurada ei bmc a a S LA rAL aRA 74 7 Uninstalling DIGIPASS Authentication for OWA Forms eeennn mmm 75 7 1 Uninstalling DIGIPASS Authentication for OWA Forms eeeennm mms 76 8 Technical SUID LOGAN Ecc KA KA 77 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 5 DIGIPASS Authentication for OWA Forms User Manual Table of Contents Illustration Index Figure 1 DIGIPASS Authentication for OWA Forms Overview enne 12 Figure 2 Standard Server Connection Configuration ssssseeem enne 16 Figure 3 Installing DIGIPASS Authentication for OWA Forms 1 seen
13. In fails to authenticate the user the Web browser is redirected to this URL If this field is left empty the default OWA failure message will be displayed Session variables Specify session variables for the failed login page The Session Variables list contains query string parameters from the login submit request which should be included in the failed login URL such as session identifiers Return failure reason Select this if you want to enable the DIGIPASS Authentication Plug In to add information about a login failure to the login page Authentication failure code and reason will be included in the failed login page request If a custom failed login page is provided this information can be evaluated by examining the failcode and failmessage query String parameters Two step challenge response Template Specify the location of the challenge response template if you want to use two step challenge response or Virtual DIGIPASS login 6 Specify the settings for one step challenge response Enable one step challenge response Select this to allow one step challenge response logins Base URL Specify the base URL of the login request page Query string parameters Specify query string parameters for the Web site The query string parameters list contains URL parameters required by OWA when a login is submitted The DIGIPASS Authentication Plug In will only identify a request as a one step challenge response login if these variables are pre
14. In should wait before attempting to reconnect to the authentication server e Maximum reconnect interval in sec Specify the maximum amount of time that the DIGIPASS Authentication Plug In should wait before attempting to reconnect to the authentication Server 8 Specify secure connection settings e Select Use Windows built in CA certificate repository if you want to trust the certificate authorities in the Windows CA certificate repository e Select Load CA certificates from file if you want to use your own CA certificate list Browse to the certificate file and click Open 9 Click Apply for your changes to take effect 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 32 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 1 3 Configuring Authentication Settings To configure authentication settings 1 Start DIGIPASS Authentication Plug In Configuration Center and select Authentication DIGIPASS Authentication Plug In Configuration Center iBi xi General Authentication Change OWA Forms authentication options Servers and Connections General Tracing Enable OWA Forms authentication DIGIPASS Authentication for OWA Forms Authentication Figure 15 Configuring Authentication Settings 1 2 Select Enable OWA Forms authentication to allow the DIGIPASS Authenticatio
15. eo authentication Figure 5 Installing DIGIPASS Authentication for OWA Forms 3 4 Click Install to start the installation i DIGIPASS Authentication for OWA Forms 3 4 0 Ready to Install the Program The setup is ready to begin installation Figure 6 Installing DIGIPASS Authentication for OWA Forms 4 5 After successful installation click Finish to exit the setup program The DIGIPASS Authentication for OWA Forms configuration wizard is started 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 23 DIGIPASS Authentication for OWA Forms User Manual Installing DIGIPASS Authentication for OWA Forms 3 4 Using the DIGIPASS Authentication for OWA Forms Configuration Wizard After you have finished the installation wizard the DIGIPASS Authentication for OWA Forms configuration wizard is started automatically Go through the wizard to define the basic settings for using the DIGIPASS Authentication Plug In Once the wizard is complete the DIGIPASS Authentication Plug In s Settings xml is filled with the default configuration for OWA forms and the DIGIPASS Authentication Plug In is ready for use For further configuration options and to change your initial settings use the DIGIPASS Authentication Plug In Configuration Center or edit Settings xml For more information refer to Sections 4 1 Using the DIGIPASS Authentication Plug In Configuration
16. how to configure DIGIPASS Authentication for OWA Forms e how to troubleshoot possible issues that may occur when working with DIGIPASS Authentication for OWA Forms This guide does not provide e detailed information about IDENTIKEY Server or aXsGUARD Identifier refer to the respective product documentation 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 8 DIGIPASS Authentication for OWA Forms User Manual Introduction 1 1 About This Manual 1 1 1 How to Use This Manual You can use this manual in different ways depending on your skill and knowledge level You can read it from the beginning to the end highly recommended for novice users you can browse through the chapter abstracts and read specifically the chapters relevant to your needs or you can search by key words in the index if you need to find certain references quickly s If you need to Refer to get an overview of the DIGIPASS Authentication for OWA 2 DIGIPASS Authentication for OWA Forms Forms architecture and features Overview get instructions to install DIGIPASS Authentication for OWA 3 Installing DIGIPASS Authentication for OWA Forms Forms AND 5 Post Installation Tasks configure DIGIPASS Authentication for OWA Forms and or 4 Configuring DIGIPASS Authentication for Exchange OWA Forms troubleshoot your DIGIPASS Authentication for OWA Forms 6 Troubleshooting ins
17. or Active Directory authentication The authentication server will not store or replay a user s Active Directory password DIGIPASS assignment mode Either Self Assignment or Auto Assignment would typically be used in this scenario although manual assignment may also be used Local authentication The typical setting for local authentication would be DIGIPASS Password meaning that users usually need to use an OTP when logging in but are not required to in some circumstances e g in grace period 4 4 3 3 Local authentication only These settings are typically used where e he authentication server does not check authentication details against Windows accounts Back end authentication e Back end authentication none The authentication server will not check user login details with Active Directory DIGIPASS user account handling e Dynamic user registration disabled e Password autolearn disabled e Stored password proxy disabled New DIGIPASS user accounts must be created manually no DUR An Active Directory password is not stored because back end authentication is disabled 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 55 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms DIGIPASS assignment mode Manual assignment would be used in this scenario Local authentication The typical setting
18. recognize the particular document you are referring to please include the following information in your subject header DAOWAF UM 02032012 Please note that product support is not offered through the above mail address 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 10 DIGIPASS Authentication for OWA Forms User Manual DIGIPASS Authentication for OWA Forms Overview 2 DIGIPASS Authentication for OWA Forms Overview This chapter gives an overview of the DIGIPASS Authentication for OWA Forms features and functionalities It provides a list of terms you should be familiar with when working with DIGIPASS Authentication for OWA Forms and outlines various authorization scenarios This chapter covers the following topics e General Overview e DIGIPASS Authentication Plug In Terminology e Authentication Methods e Server Connection Management e racing 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 11 DIGIPASS Authentication for OWA Forms User Manual DIGIPASS Authentication for OWA Forms Overview 2 1 General Overview The DIGIPASS Authentication Plug In is an add on for Internet Information Services IIS and can be configured to intercept authentication requests to Web sites using the HTTP forms authentication mechanism It allows users to use one time passwords OTPs instead of static pas
19. submitting login requests to the Web site The default value is UTF 8 CAUTION The DIGIPASS Authentication Plug In can only be configured to use a single character set it is not able to handle multiple character sets simultaneously Table 1 Language Codes Language ISO Code Windows Code Other Code s Arabic ISO 8859 6 CP1256 Baltic ISO 8859 4 or ISO CP1257 8859 13 Central European ISO 8859 2 CP1257 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 44 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms Language ISO Code Windows Code Other Code s Chinese Simplified ISO 2022 CN GB2312 Chinese Traditional Big5 Cyrillic S0 8859 2 CP1251 Greek S0 8859 7 CP1253 Hebrew S0 8859 8 I CP1255 Japanese ISO 2022 JP Korean S0 2022 KR Thai S0 8859 11 CP874 Turkish S0 8859 9 Vietnamese CP1258 Western European 0 8859 1 CP1252 FormsBasedAuthentication gt SiteList gt Site0 gt LoginPage gt BaseURL URL to use in submitting a login The default value is owa auth owaauth dll Exchange 2007 or owa auth owa Exchange 2010 FormsBasedAuthentication gt SiteList gt Site0 gt LoginPage gt QueryStringParameterList gt QueryStringParameter0 gt NameValuePair
20. the list which contains IP addresses assigned to the current machine The DIGIPASS Authentication Plug In will use the selected IP address exclusively As VASCO component licensing operates on IP address this ensures that the DIGIPASS Authentication Plug In will only use up one component license slot For more information refer to Section 3 2 4 Licensing DIGIPASS Authentication Plug In Configuration xj Specify the IP address Select the IP address that the DIGIPASS Authentication Plug In should use for sending requests to the IDENTIKEY Server HERE SE O Note The DIGIPASS Authentication Plug In license will be tied to this IP address Figure 9 Using the Configuration Wizard 3 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 25 DIGIPASS Authentication for OWA Forms User Manual Installing DIGIPASS Authentication for OWA Forms 4 Specify whether to create an IDENTIKEY client record DIGIPASS Authentication Plug In Configuration xi Specify whether to create an IDENTIKEY client record Specify an administrator login required to create a dient record in the IDENTIKEY Server s database unless such a record already exists for it with the IP address specified on the previous page This will optionally install a license you can specify on the next page User name Password C Don t create client record This setting is typically us
21. 012 VASCO Data Security International Inc All rights reserved No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise without the prior written permission of VASCO Data Security Inc Trademarks VASCO VACMAN IDENTIKEY aXsGUARD DIGIPASS CertilD and the Vasco V logo are registered or unregistered trademarks of VASCO Data Security Inc and or VASCO Data Security International GmbH in the U S and other countries Date 2012 03 02 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 2 DIGIPASS Authentication for OWA Forms User Manual Table of Contents Table of Contents 1 Introduction ERR RERO 8 1 1 About This Manual kanin kan k bendeka kal s na nennen nnnm bana k n nnn xen dakan k aU Wek BAR N 9 1 1 1 How to Use This Manual essen nnne ener nnne 9 1 1 2 Document CONVENTIONS css uere st riter re irrita ee itera esie tier dev in ont ote uei Gt in e 9 TAS Providing REGO ACK miraire aiie aa ER VE P e EP E Ebr e EIER Vere r m z 10 2 DIGIPASS Authentication for OWA Forms Overview een 11 ANEEC OCC I PEERS LEEREN 12 2 2 DIGIPASS Authentication Plug In Terminology eennnmmmnnmmnnmnnnns 13 23 A thentication NINOS oes n ka da ipae nnn sd Edu cta den o
22. 5 2 Setting Up the One Step Challenge Response Login Two step challenge response login After the login page the DIGIPASS Authentication Plug In redirects users to a Challenge page where a random challenge of the length required by the user s DIGPASS is displayed The user must enter a response to the challenge in order to complete the login A challenge page template must be used with this feature A default template is provided It can be used without modification or it can be customized to match your preferred look and feel For more information refer to Section 5 4 Creating a Two Step Challenge Response Template Virtual DIGIPASS login Users logging in with a Virtual DIGIPASS use a similar process to the two step challenge response login If the user has a primary Virtual DIGIPASS assigned or requests use of the backup Virtual DIGIPASS feature during the first step an OTP will be sent to the user s mobile phone via text message The user is then redirected by the DIGIPASS Authentication Plug In to the challenge page to enter the OTP This uses the same challenge template used in the two step challenge response login 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 14 DIGIPASS Authentication for OWA Forms User Manual DIGIPASS Authentication for OWA Forms Overview 2 4 Server Connection Management The DIGIPASS Authentication Plug In provid
23. Center and 4 2 Editing the Configuration File 3 4 1 Configuring DIGIPASS Authentication for OWA Forms gt To configure DIGIPASS Authentication for OWA Forms 1 When the wizard is started click Next The configuration wizard is started automatically after you have completed the installation wizard Afterwards if you want to modify your settings using the wizard select Start gt All Programs gt VASCO gt DIGIPASS Authentication for OWA Forms gt Configuration Wizard DIGIPASS Authentication Plug In Configuration x Configure DIGIPASS Authentication Plug In for OWA Forms This wizard helps you to configure the DIGIPASS Authentication Plug In for Internet Information Services US for the first time Click Next to continue Figure 7 Using the Configuration Wizard 1 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 24 DIGIPASS Authentication for OWA Forms User Manual Installing DIGIPASS Authentication for OWA Forms 2 Specify the IP address and SEAL port of the authentication server zi 4 Specify the connection details X Enter the connection details of the IDENTIKEY Server to use for DIGIPASS authentication After installation the connection can be configured in detail induding use of SSL IP address SEAL port 20003 me gt ome Figure 8 Using the Configuration Wizard 2 3 Select an IP address from
24. Connection0 gt SSL gt CustomCertificateArchiveFilePath File location and name of custom certificate store 4 2 2 2 Tracing Tracing gt TraceFilePath The absolute path and file name of the file to which internal state tracing will be written The file but not the path will be created by the DIGIPASS Authentication Plug In if it does not exist whenever information is logged The default value is INSTALLATION DIRECTORY gt Log DIGIPASSPlugin_IIS_OWAForms trace Tracing gt TraceFileEnable Enable disable tracing The default value is FALSE Tracing gt TraceCodelnfo Defines if source code information is traced Use this for troubleshooting in collaboration with VASCO support The default value is FALSE Tracing gt TraceProcessinfo Defines if process information is dumped at start and end of tracing session The default value is FALSE Tracing gt TraceLevel Basic or full tracing The possible values are e 300 for errors only e 200 for errors and warnings e 100 for basic tracing e 50 for full tracing e 25for full tracing including connection diagnostics information The default value is 100 4 2 2 3 Forms based authentication FormsBasedAuthentication gt Enabled 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 43 DIGIPASS Authentication for OWA Forms User Manua
25. Enable Outlook Anywhere Properties ecp Default Web Site Properties Figure 20 Configuring Exchange 2010 2 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 50 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 11 Right click the required ECP site and select Properties The ecp Default Web Site Properties Dialog is displayed Gener Authentication C Use one or more standard authentication methods intearated Windows authentication Digest authentication for Windows domain servers IV Basic authentication password is sent in clear text Use forms based authentication Exchange Control Panel uses the same sign in format as Outlook Web App 1 To configure SSL settings for this Exchange Control Panel virtual directory use the Intemet Information Services IIS snapin Figure 21 Configuring Exchange 2010 3 12 Switch to the Authentication tab 13 Select Use forms based authentication 14 Click OK 15 Restart the Exchange server 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 51 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 4 Configuring the Authentication Server 4 4 1 Client Record A client record must be configured in the authentication se
26. IGIPASS Authentication Plug In Authentication settings in Exchange must be compatible with the DIGIPASS Authentication Plug In The following section describes how to configure Exchange for use with the DIGIPASS Authentication Plug In 4 3 1 Configuring Exchange 2007 Exchange must have forms authentication enabled and Windows integrated authentication disabled to allow the DIGIPASS Authentication Plug In to intercept authentication requests and where appropriate pass them to the authentication server To configure Exchange 2007 1 Open Exchange Management Console Expand the required server Expand Server Configuration Click Client Access 9r de ooo IN Right click OWA and select Properties The owa Default Web Site Properties Dialog is displayed Public Computer File amp ccess l Private Computer File amp ccess Remote File Servers General Authentication Segmentation C Use one or more standard authentication methods F integrated Windows authentication Digest authentication for windows domain servers WV Basic authentication password is sent in clear text Use forms based authentication Logon Format Domain user name C User principal name UPN C User name only Logon domain Browse To configure SSL settings for this Outlook Web Access virtual directory use the Internet Information Services IIS snap in Cancel Apply Help Figure 18 Modifying Authentication Settin
27. IGIPASS Authentication Plug In may need to be repaired if files have been corrupted deleted or lost gt To repair the DIGIPASS Authentication Plug In installation 1 Locate and double click on the DIGIPASS Authentication for OWA Forms msi file 2 Click Next 3 Select Repair to enter the repair function and click Next xl Program Maintenance T Modify repair or remove the program DiGIPASS Repair installation errors in the program This option fixes missing or corrupt files shortcuts and registry entries C Remove Fa Remove DIGIPASS Authentication for OWA Forms from your computer IF Keep trace files Figure 29 Repairing the Installation 4 Click Install to confirm the repair 5 Click Finish to exit the setup program If you have deleted or moved the configuration file changed the IP address for the machine or received a new license for the DIGIPASS Authentication Plug In you will need to run the DIGIPASS Authentication for OWA Forms configuration wizard after the installation repair 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 74 DIGIPASS Authentication for OWA Forms User Manual Uninstalling DIGIPASS Authentication for OWA Forms 7 Uninstalling DIGIPASS Authentication for OWA Forms This chapter contains instructions to remove an existing DIGIPASS Authentication for OWA Forms installation This chapter covers the following top
28. Installing DIGIPASS Authentication for OWA Forms 3 1 System Requirements 3 1 1 Software Requirements To install DIGIPASS Authentication for OWA Forms you need An authentication server running on another machine This should be one of the following e IDENTIKEY Server 3 1 or later IDENTIKEY Server component e aXsGUARD Identifier 3 1 3 x or later Internet Information Services IIS 7 or 7 5 Windows Server 2008 with SP1 or later 32 and 64 bit OR Windows Server 2008 R2 with SP1 or later 64 bit MS Exchange 2007 or 2010 using Outlook Web Access in forms authentication mode and SSL The user must have administration rights on the installation machine 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 19 DIGIPASS Authentication for OWA Forms User Manual Installing DIGIPASS Authentication for OWA Forms 3 2 Pre Installation Tasks Before installing the DIGIPASS Authentication Plug In there are several tasks which need to be completed Performing these tasks where applicable will assist in a quick smooth installation process 3 2 1 Installing the Authentication Server An authentication server should be installed on the network before the DIGIPASS Authentication Plug In is installed See Section 3 1 System Requirements for compatible servers and 4 4 Configuring the Authentication Server for configuration recommendations CAUTION If the u
29. Name EnableSSL Type BOOL gt TRUE lt Value gt lt Value Name EnableCustomCertificateArchiveFile Type BOOL gt FALSE lt Value gt Value Name CustomCertificateArchiveFilePath Type STRING gt lt Value gt lt Key gt lt Key gt lt Key gt lt Key gt Key Name Tracing gt Value Name TraceFilePath Type STRING gt C Program Files VASCO DIGIPASS Authentication for OWA Forms Log NDIGIPASSPlugin IIS OWAForms trace Value 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 39 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms lt Value Name TraceFileEnable Type BOOL gt FALSE lt Value gt Value Name TraceCodeInfo Type BOOL gt FALSE lt Value gt Value Name TraceProcessInfo Type BOOL gt FALSE lt Value gt lt Value Name TraceLevel Type INT gt 100 lt Value gt lt Key gt Key Name FormsBasedAuthentication Value Name Enabled Type BOOL gt TRUE lt Value gt lt Key Name SiteList gt Key Name Site0 gt lt Value Name Name Type STRING gt Microsoft Exchange Server 2007 lt Value gt Value Name ComponentType Type STRING gt Outlook Web Access lt Value gt lt Key Name LoginRequestFields gt Value Name DomainField Type STRING gt domain lt Value gt Value Na
30. OLDER WASCOVDIGIPASS Authentication for OWA Forms Templates OWAF 2010 logon aspx X X Templates for OWA 2010 Readme txt X X 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 66 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting 6 1 2 Checking Permissions 6 1 2 1 Trace file directory Permissions need to be set to allow the DIGIPASS Authentication Plug In to access and write to the trace file By default the trace file is stored in lt INSTALLATION DIRECTORY gt Log Follow these steps for the folder the trace file will be written to gt To set permissions for tracing 1 Open Windows Explorer and browse to the directory that the trace file will be written to INSTALLATION DIRECTORY gt Log by default 2 Right click on the relevant directory and select Properties The Log Properties Dialog is displayed l Log Properties x General Sharing Security Previous Versions Customize Object name C Program Files VASCO DIGIPASS Authenticatior Group or user names t CREATOR OWNER Figure 22 Setting Permissions for Tracing Switch to the Security tab Ensure that the IUSR account has Write permissions selected Ensure that the IIS IUSRS group has Write permissions selected D m ds amp If changes need to be made to the permissions make changes and click Apply 2012 VASCO Data Security International Inc A
31. S group If the IUSR account and or IIS_IUSRS group are not listed for the trace file directory or configuration file you will need to add them gt To add the IUSR account and or IIS_IUSRS group 1 Right click the file or directory for which you want to add the IIS_IUSRS group and or the IUSR account and select Properties The lt FILE DIRECTORY gt Properties Dialog is displayed 2 Switch to the Security tab and click Edit The Permissions for lt FILE DIRECTORY gt Dialog is displayed 3 Click Add The Select Users or Groups Dialog is displayed 4 Type IUSR or IIS IUSRS into the Enter the object names to select field and click OK Select this object type Users Groups or Built in security principals Object Types From this location VMSRV2K8 EEB Locations Enter the object names to select examples PR Check Names NI ia Figure 24 Adding the IIS IUSRS Group 5 Check that the IIS_IUSRS group or IUSR user is listed 6 Click OK The account should now be listed in the Group or user names list 6 1 3 Ensuring the DIGIPASS Authentication Plug In Is Registered in IIS To ensure the DIGIPASS Authentication Plug In is registered 1 Open Internet Information Services IIS Manager and select the appropriate server 2 Select Modules 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 69 DIGIPASS Authentication for OWA F
32. andard OWA login page has been modified and placed in the lt INSTALLATION DIRECTORY gt Templates OWAF lt VERSION gt directory To use a login page which has been customized for your company e g colors and graphics used follow the instructions in Section 5 2 3 1 Modifying the custom login page 5 2 1 Configuring the Authentication Server To configure the authentication server e Enable one step challenge response in the policy set in the DIGIPASS Authentication Plug In s client record See 4 4 3 4 One step challenge response for policy settings required for one step challenge response 5 2 2 Configuring the DIGIPASS Authentication Plug In To configure the authentication plug in e Enable one step challenge response in the DIGIPASS Authentication Plug In Configuration Center This may be enabled for the main Web site or in a separate Web site catering only for one step challenge response logins 5 2 3 Configuring the Login Page gt To configure the login page 1 Backup lt EXCHANGE DIRECTORY gt logon aspx to a suitable place 2 To use the default login page supplied with DIGIPASS Authentication for OWA Forms copy the login page from lt INSTALLATION DIRECTORY gt Templates OWAF lt VERSION gt logon aspx to lt EXCHANGE DIRECTORY gt logon aspx 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 59 DIGIPASS Authentication for OWA Fo
33. apter covers the following topics e Setting Up the Response Only Login Page e Setting Up the One Step Challenge Response Login e Displaying the Login Failure Reason e Creating a Two Step Challenge Response Template 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 57 DIGIPASS Authentication for OWA Forms User Manual Post Installation Tasks 5 1 Setting Up the Response Only Login Page An example logon aspx is delivered along with DIGIPASS Authentication for OWA Forms You may create your own based on this template use the template as is or use the standard OWA login page No further configuration steps are necessary gt If you do not want to use the standard OWA login page 1 Backup the existing login page 2 Copy over the existing page with the supplied login page in lt INSTALLATION DIRECTORY gt Templates OWAF lt VERSION gt logon aspx OR modify the existing page with VASCO s code 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 58 DIGIPASS Authentication for OWA Forms User Manual Post Installation Tasks 5 2 Setting Up the One Step Challenge Response Login NOTE This step only needs to be performed if one step challenge response is being implemented Implementing one step challenge response login requires the login page used by OWA to be modified The st
34. ation servers The default value is FALSE Servers and Connections gt ConnectionList gt Connection0 gt Name The server name that will be displayed in the Authentication servers list in the DIGIPASS Authentication Plug In Configuration Center The default value is Main Server Servers and Connections gt ConnectionList gt Connection0 gt ServerlPAddress 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 41 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms The authentication server s IP address Servers and Connections gt ConnectionList gt ConnectionO gt ServerPort The authentication server s port The default value is 20003 Servers and Connections gt ConnectionList gt Connection0 gt ServerType Either primary or backup authentication server This setting affects load balancing The default value is Primary Servers and Connections gt ConnectionList gt Connection0 gt MaxConcurrentConnections The maximum number of concurrent connections which the DIGIPASS Authentication Plug In may hold open to the authentication server The default value is 10 Servers and Connections gt ConnectionList gt Connection0 gt ConnectionTimeoutSeconds Connection timeout in seconds The de
35. ational Inc All rights reserved Unauthorized duplication or distribution is prohibited 20 DIGIPASS Authentication for OWA Forms User Manual Installing DIGIPASS Authentication for OWA Forms 3 2 4 Licensing The authentication server will associate authentication requests from each incoming IP address with a different client record Your DIGIPASS Authentication Plug In license will be tied to that IP address The IP address of the computer where IIS is running must match the IP address of the license or authentication will not be possible 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 21 DIGIPASS Authentication for OWA Forms User Manual Installing DIGIPASS Authentication for OWA Forms d d Installing DIGIPASS Authentication for OWA Forms To install DIGIPASS Authentication for OWA Forms 1 Locate DIGIPASS Authentication for OWA Forms msi and start the installation process fe DIGIPASS Authentication for OWA Forms 3 4 0 x Welcome to the DIGIPASS Authentication for OWA Forms Setup The setup will install DIGIPASS Authentication for OWA Forms on your computer To continue Next dG WARNING This ajan is protected by copyright law and international trea DIGIPASS authentication lt Back Wes Cancel Figure 3 Installing DIGIPASS Authentication for OWA Forms 1 2 Read the license agreement text select accept the ter
36. authentication methods F Integrated Windows authentication Digest authentication for Windows domain servers WV Basic authentication password is sent in clear text Logon Format Domain user name C User principal name UPN C User name only Logon domain Browse To configure SSL settings for this Outlook Web Access virtual directory use the Internet Information Services IIS snap in Cancel Apply Help Figure 19 Configuring Exchange 2010 1 7 Switch to the Authentication tab 8 Ensure that Use forms based authentication is selected NOTE You may choose any of the options below Use forms based authentication 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 49 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 9 Click OK 10 Switch to the Exchange Control Panel tab ta Exchange Management Console Microsoft Exchange 1 object amp Microsoft Exchange On Pren Client A ssa Organization Configurati E J88 Configure External Client Access s Export List View 2 B A Bi Unified Messaging amp Recipient Configuration lG Refresh d Toolbox E Hep PC BRI EXCH2010 2 amp Manage Mailbox Role n Manage Hub Transport Role Gm Manage Diagnostic Logging Pr
37. c user registration enn 52 F forms authentication explanation esses 13 installation pre installation tasks E eee 20 installation instructions sss 22 Internet Information Services IIS manually registering the DIGIPASS Authentication Plug In 70 troubleshooting enne 69 L esi n tee 21 M Microsoft Exchange h eee 47 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited DIGIPASS Authentication for OWA Forms User Manual CONOUG PP cet tete ede t ecd um 47 configuring Exchange 2007 sss 47 Configuring Exchange 2010 see 48 0 one step challenge response Setting User Dn nnn 59 setting up authentication server 59 setting up DIGIPASS Authentication Plug In 59 setting up login page m 59 P post installation tasks creating two step challenge response template 63 displaying login failure reason sse 61 modifying the login page s 58 setting up one step challenge response 59 pre installation tasks 20 authentication server installing 20 Exchange accent rete ei ns 20 IIS 20 licensing information 21 S server conne
38. ction management ssssse 15 DACKUD cec etosiotore deret te 31551550 NO Meee YEKA NE WW 15 maximum connections ccccceeceseesesecsssecsessssetsssesssseaees 15 PMAN sod scere e repe habe Ph artic eris nn 15 reconnect IfterVal yy cett tec exces 15 Illu MT em 15 support information eee ke bia N aki TT System requirements eee 19 authentication Server deterret 19 7 A N aranza EEE AAEE EA 17 ap 17 CAUTION set s crt tn e i e t n M 17 TUL DERE AAE NER HMM HE 17 troubleshooting application pools sen n 72 authentication server sss 72 checking file placement sss 65 checking permissions sss 67 checking permissions configuration file 68 checking permissions trace file directory 67 DIGIPASS Authentication Plug In installation problems 65 IIS IUSRS group adding 69 IUSR account adding nn 69 NCONSING pe C 73 manually registering the DIGIPASS Authentication Plug In in SPP PRU ROME REM 70 MO trace filg o cerent ere entire reet en T2 l egiStration ln S sy cce ccr er te edet 69 repairing the installation eene 74 Ok e kane p BARRERA rere rere eter 73 two step challenge response creating template eee 63 W Windows use
39. dy been solved and reported in the Knowledge Base at the following URL http www vasco com support 2 If there is no solution in the Knowledge Base please contact the company which supplied you with the VASCO product If your supplier is unable to solve your problem they will automatically contact the appropriate VASCO expert 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 77 DIGIPASS Authentication for OWA Forms User Manual Index A authentication methods 14 one step challenge response login 14 response only login uue 14 two step challenge response logi 14 virtual DIGIPASS login sene 14 authentication server CASE SENSN ys sy et ertet ente ce etn entitas 53 CAUTION sci 16s eeepc etri n a diee enis 20 Client record configuring 5 tn 52 configuring nnne 52 HI N NNN T TT Y D 8 nnn nod add 53 default domain changing master domain 53 default domain setting default domain in policy 53 explanation esseeennnnnnnnnnnes 13 IP address 25 policy GOTO U Oisein 53 policy local authentication only 55 policy login With OTP only eene 54 policy login with password and OTP
40. e client record is the record defined in the authentication server s data store to represent an installed instance of the DIGIPASS Authentication Plug In It is used for the following main purposes e To indicate that the authentication server is permitted to process a request from that client e Tospecify a policy to be used to process the request e To hold a license key for the DIGIPASS Authentication Plug In Forms authentication The method of authentication where a Web site provides its own login page DIGIPASS Authentication Plug In General term for a plug in to IIS to allow DIGIPASS authentication to take place 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 13 DIGIPASS Authentication for OWA Forms User Manual DIGIPASS Authentication for OWA Forms Overview 2 3 Authentication Methods See the Product Guide for your authentication server product for detailed information on login methods and options Response only login Users log in via the current login page with their user name and a one time password OTP One step challenge response login A random challenge of a length configured for all users in the authentication server s policy is displayed on the login page Users log in with their user name and DIGPASS response to the displayed challenge This requires modification of the current login page used by OWA For more information refer to Section
41. ed users The DIGIPASS Authentication Plug In Configuration Center will prevent most common configuration mistakes but there are no such checks made when edits are made directly to the configuration file Incorrect changes to the configuration file may cause the DIGIPASS Authentication Plug In to stop working If Settings xml is damaged uses incorrect XML syntax etc the DIGIPASS Authentication Plug In will attempt to operate with default values with logging enabled and attempt to report the problems with Settings xml 4 2 1 Example Configuration File lt xml version 1 0 encoding UTF 8 gt lt Profile gt lt Key Name Servers and Connections gt Value Name LocalIPAddress Type STRING gt 192 168 47 11 lt Value gt lt Value Name ServerLoadBalancing Type BOOL gt FALSE lt Value gt Key Name ConnectionList Key Name Connection0 Value Name Name Type STRING gt Main Server lt Value gt Value Name 2 ServerlIPAddress Type STRING gt 192 168 1 1 lt Value gt Value Name ServerPort Type INT gt 20003 lt Value gt Value Name ServerType Type STRING gt Primary lt Value gt lt Value Name MaxConcurrentConnections Type INT gt 10 lt Value gt lt Value Name ConnectionTimeoutSeconds Type INT gt 10 lt Value gt Value Name MinReconnectIntervalSeconds Type INT gt 10 lt Value gt Value Name MaxReconnectIntervalSeconds Type INT gt 10 lt Value gt akey Names SSL lt Value
42. ed when a dient record for the DIGIPASS Authentication Plug In already exists me gt m Figure 10 Using the Configuration Wizard 4 e Select Create client record automatically if you want to specify the administrator login for the authentication server to register the DIGIPASS Authentication Plug In as a client in the authentication server database Provide the user name and password to allow administrative access to the authentication server e Select Don t create client record if the client record for the DIGIPASS Authentication Plug In already exists in the authentication server database or you prefer to create it manually 5 Specify a license key This option is available only if you selected Create client record automatically DIGIPASS Authentication Plug In Configuration BE xi Specify license key e x Select a license key for the DIGIPASS Authentication Plug In or skip to activate later License key Browse eo If you don t have a valid license key for this machine you need to request one via the VASCO Web site Request license from www vasco com Figure 11 Using the Configuration Wizard 5 e Browse to the license dat file to load the license key from where you saved it on your local machine and click Open to load the license key from the file 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 26 DIGIPASS Authe
43. es flexibility in managing connections to multiple primary and or backup authentication servers This allows redundancy and load sharing over multiple servers 2 4 1 Connection Profiles Two connection profiles are available Primary The server s to which the DIGIPASS Authentication Plug In will first attempt to connect using a round robin scheme Backup Backup servers will be used if load sharing is enabled and the primary server s are busy 2 4 2 Connection Options Maximum connections The maximum number of connections that the DIGIPASS Authentication Plug In may have open to the authentication server at one time Timeout The time that the DIGIPASS Authentication Plug In should wait for a reply from the authentication server Reconnect interval If the DIGIPASS Authentication Plug In cannot connect to an authentication server it will make another connection attempt to this server only after a time period defined by the reconnect interval If other servers are configured connection attempts to these servers are made in the meantime 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 15 DIGIPASS Authentication for OWA Forms User Manual DIGIPASS Authentication for OWA Forms Overview 2 4 3 Standard Server Setup Web Server Main Server link Secondary Server link Authentication Server Authentication Server B Work Site
44. fault value is 10 Servers and Connections gt ConnectionList gt Connection0 gt MinReconnectintervalSeconds The minimum amount of time in seconds that the DIGIPASS Authentication Plug In will leave between attempts to reconnect to an authentication server after an unsuccessful connection attempt e g server busy The default value is 10 Servers and Connections gt ConnectionList gt Connection0 gt MaxReconnectintervalSeconds The maximum amount of time in seconds that the DIGIPASS Authentication Plug In will leave between attempts to reconnect to an authentication server after an unsuccessful connection attempt e g server busy The default value is 10 Servers and Connections gt ConnectionList gt Connection0 gt SSL gt EnableSSL Enable disable the use of SSL when connecting to this authentication server The default value is FALSE Servers and Connections gt ConnectionList gt Connection0 gt SSL gt EnableCustomCertificateArchiveFile Enable disable certificate archive file for use instead of the Windows certificate store The default value is FALSE 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 42 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms Servers and Connections gt ConnectionList gt
45. fig64 exe 64 bit systems 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 29 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 1 2 Configuring Servers and Connections To add and configure authentication servers 1 Start DIGIPASS Authentication Plug In Configuration Center and select Servers and Connections Zini xi General Servers and Connections N Change IDENTIKEY Server and connection options Servers and Connections Authentication Servers Tracing Authentication servers DIGIPASS Authentication for OWA Forms a Add elete Moye up Moye down Connect from IP address x Note IP address should match the DIGIPASS Authentication Plug in license configured at the IDENTIKEY Server s used Authentication Enable load sharing Figure 13 Configuring Servers and Connections 1 2 Doone of the following e Click Add if you want to add a new authentication server e To modify the settings for an authentication server select the server from the Authentication servers list 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 30 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms The Configuration for lt AUTHENTICATION SERVER section appear
46. for local authentication would be Digipass Only requiring users to log in with an OTP 4 4 3 4 One step challenge response If you use one step challenge response you will need these policy settings One step challenge response permitted yes server challenge Challenge length 4 digits Add check digit as required Challenge check mode 0 For more information see the Policies section of the IDENTIKEY Server Product Guide 4 4 3 5 Two step challenge response If you use two step challenge response you will need these policy settings Request method as required Request keyword as required For more information see the Policies section of the IDENTIKEY Server Product Guide 4 4 3 6 Virtual DIGIPASS If you use Virtual DIGIPASS login you will need these policy settings Delivery method as required Primary Backup Virtual DIGIPASS as required Request method as required Request keyword as required BVDP mode as required Time limit as required Max uses user as required For more information see the Policies section of the IDENTIKEY Server Administrator Guide 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 56 DIGIPASS Authentication for OWA Forms User Manual Post Installation Tasks 5 Post Installation Tasks This chapter lists and describes tasks you need to complete after installing the DIGIPASS Authentication Plug In This ch
47. g files must be placed in the directory they are listed under If they have been moved to another directory or incorrectly copied the DIGIPASS Authentication Plug In will not function correctly Table 2 Installation Structure of DIGIPASS Authentication for OWA Forms Folders and Files 32 bit 64 bit Description PROGRAMS FOLDER gt VASCO DIGIPASS Authentication for OWA Forms VdsConfig32 exe X DIGIPASS Authentication Plug In VdsConfig64 exe X Configuration Center VdsDIGIPASSPlugin_ConfigWizard32 exe X Configuration wizard VdsDIGIPASSPlugin_ConfigWizard64 exe X Dynamic link libraries for the DIGIPASS DIGIPASSPIugin IIS OWAFormsBasedMT32 dll X Authentication Plug In Configuration DIGIPASSPIugin IIS OWAFormsBasedMT64 Jdll X Center and the configuration wizard GUI32 dll X GUI64 dil X ikaal3seal dll X X libeay32 dil X X libxml2 dll X X PPDIGIPASSPlugin_Common32 dll X PPDIGIPASSPlugin_Common64 dll X PPDIGIPASSPlugin IIS FormsBased32 dll X PPDIGIPASSPlugin_IIS_FormsBased64 dil X ProcCore32 dll X ProcCore64 dll X ssleay32 dll X X StdGUI32 dll X StdGUI64 dll X stlport 5 2 dll X X vdsconfig dll X X vdscore dll X X vdscrypto dll X X vdsdata dll X X vdsdatamodel dll X X a Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 65 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting
48. ge recensiti inenen iaa h na aya ad ln an and nnn 59 5 2 3 4 Modifying the custom login Dag correcte otn tete dette rne tide rented Fendi date Pete dn a d da n 60 5 3 Displaying the Login Failure RIe SO hkllllllllllllk kaka kaka ka kaka nnaman nananana kaka ka kk YA YA 61 5 3 1 Configuring the Login Page ssssseenne nnne eren 61 5345 Modifying thecustom login PAGE a i 5 lt ky tiet e Pepe tre eU eee pue tUe rtt de Pede eet petrol 61 5 4 Creating a Two Step Challenge Response Template seeeeeeeennennnnnnn nnns 63 6 Bree iles ee eC cR 64 6 1 DIGIPASS Authentication Plug In Installation Problems eeeenm mnn 65 6 1 1 Checking Fil Pla c ll l k cinn sm vein eta ete ra eee m fece nie rer B ce rae Rh etta u da 65 6 1 2 Checking Permissions mereinen br eere etcetera ree e bete ee er nr e Ern Pres 67 6 1 2 1 Trace file dir Cl0ly 67 6 1 2 2 COnfIg ratlondlle DD DK mmmmg g gggmmg O oooo_gxax 68 6 1 2 3 Adding the IUSR account and IS AUSRS QrOUp acit kax x et kak lak kla Pre ee cika Eka Miy Mi aa ete e k n akla 69 6 1 3 Ensuring the DIGIPASS Authentication Plug In Is Registered in IS lle 69 6 2 Other Troubleshooting Options eeeenn ennemis 72 6 2 1 Application POOMS sa ccr kk FE S TEERTRE VE EEREXE E EAE erba Eur ES EYE EX ERE EX E beset 72 6 2 2 MEE m aa nr rg gi 72 6
49. gs Exchange 2007 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 47 DIGIPASS Authentication for OWA Forms User Manual 6 Switch to the Authentication tab Configuring DIGIPASS Authentication for OWA Forms 7 Ensure that Use forms based authentication is selected You may choose any of the options below Use forms based authentication NOTE 8 Click OK 9 Restart the Exchange Server 4 3 2 Configuring Exchange 2010 Exchange must have forms authentication enabled and Windows integrated authentication disabled to allow the DIGIPASS Authentication Plug In to intercept authentication requests and where appropriate pass them to the authentication server gt To configure Exchange 2010 1 OF ge se Jg Open Exchange Management Console Expand the required server Expand Server Configuration Select Client Access Switch to the Outlook Web App tab 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 48 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 6 Right click the owa and select Properties The owa Default Web Site Properties Dialog is displayed Public Computer File amp ccess l Private Computer File amp ccess Remote File Servers General Authentication Segmentation Use one or more standard
50. his option is not available for aXsGUARD Identifier Set default domain in policy This strategy should be used if e You wish to keep the master domain strictly for administration accounts and separate from user accounts e The authentication server may be required to handle a different default domain for different IIS 7 Modules or other clients Each policy may be configured with a default domain to be used if a user does not enter a domain on login Typically you will need to modify the policy used by each DIGIPASS Authentication Plug In 4 4 3 X Policy The client record created during installation of the DIGIPASS Authentication Plug In uses the default password replacement policy for the package It will be named e IDENTIKEY Windows Password Replacement IDENTIKEY Server e IDENTIKEY Microsoft AD Password Replacement aXsGUARD Identifier This policy is configured with the following settings e Back end authentication is set to Always used for dynamic user registration password autolearn etc Not all logins e Windows is used as the back end authenticator in the IDENTIKEY Windows Password Replacement policy e Dynamic user registration password autolearn and stored password proxy are enabled 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 53 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms e Gr
51. ications END gt 4 Save and close the custom login file 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 62 DIGIPASS Authentication for OWA Forms User Manual Post Installation Tasks 5 4 Creating a Two Step Challenge Response Template The example Challenge template html is found in the lt INSTALLATION DIRECTORY gt Templates Common directory You may create your own based on this template or use the example template as is The template must contain a number of key words which the extension will replace with the appropriate HTML code NOTE These fields may appear more than once in the file and each instance will be replaced These fields are DPEXT FORM METHOD This is replaced with the configured form method The replaced content represents the value of the method attribute of the HTML form DPEXT FORM ACTION This is replaced with the configured login submit base URL and query strings The replaced content represents the value of the action attribute of the HTML form DPEXT PASSWORD FIELD NAME This is replaced with the configured password field name and has to be the value of the name attribute of the corresponding HTML form field DPEXT CHALLENGE TEXT This string is replaced with the challenge issued DPEXT HIDDEN FIE to be part of the HTML form E DS Thi
52. ics e Uninstalling DIGIPASS Authentication for OWA Forms 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 75 DIGIPASS Authentication for OWA Forms User Manual Uninstalling DIGIPASS Authentication for OWA Forms 7 1 Uninstalling DIGIPASS Authentication for OWA Forms gt To uninstall DIGIPASS Authentication for OWA Forms 1 Locate and double click on the DIGIPASS Authentication for OWA Forms msi file Click Next Select Remove S x Select Keep trace files if you want to preserve existing trace files xl Program Maintenance 2 Modify repair or remove the program DIGIPASS authentication C Repair Repair installation errors in the program This option fixes missing or corrupt files shortcuts and registry entries Remove DIGIPASS Authentication for OWA Forms from your computer Keep trace files Figure 30 Removing DIGIPASS Authentication for OWA Forms Click Next Click Remove to confirm the remove function Click Finish to exit the setup program e mrt e 01 After uninstallation restart the system 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 76 DIGIPASS Authentication for OWA Forms User Manual Technical Support 8 Technical Support If you encounter problems with a VASCO product please do the following 1 Check whether your problem has alrea
53. isplay name Type a name for the authentication server in this field This name is then used to distinguish the authentication server in the Authentication servers list but has no effect on the behaviour of the DIGIPASS Authentication Plug In e IP address Type the IP address for the authentication server 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 31 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms e SEAL port Type the port for the authentication server The default port is 20003 for standard and 20004 for SSL connections e Use SSL Select this if you want to use SSL when connecting to the authentication server This option is only available for IDENTIKEY Server 3 1 or later e Server type Select the server type For more information refer to Section 2 4 1 Connection Profiles 6 OPTIONAL Click Test to test if a connection to the authentication server can be established A message will appear indicating if the test was successful 7 Specify the connection parameters as needed e Timeout in sec Specify a timeout period in seconds e Maximum connections Specify the maximum number of concurrent connections to be made from the DIGIPASS Authentication Plug In to the authentication server e Minimum reconnect interval in sec Specify the minimum amount of time that the DIGIPASS Authentication Plug
54. l Configuring DIGIPASS Authentication for OWA Forms Enable disable forms based authentication with the DIGIPASS Authentication Plug In The default value is TRUE FormsBasedAuthentication gt SiteList gt Site0 gt Name Text to display in the Web Sites list in the DIGIPASS Authentication Plug In Configuration Center The default value is Microsoft Exchange Server 2007 or Microsoft Exchange Server 2010 FormsBasedAuthentication gt SiteList gt Site0 gt ComponentType The DIGIPASS Authentication Plug In to use The default value is Outlook Web Access FormsBasedAuthentication gt SiteList gt Site0 gt LoginRequestFields gt DomainField Name of the field that corresponds to domain FormsBasedAuthentication gt SiteList gt Site0 gt LoginRequestFields gt UsernameField Name of the field that corresponds to user name The default value is username FormsBasedAuthentication gt SiteList gt Site0 gt LoginRequestFields gt PasswordField Name of the field that corresponds to password The default value is password FormsBasedAuthentication gt SiteList gt Site0 gt Encoding Character set to use in sending a login request to the Web server If you are using non Western European characters the DIGIPASS Authentication Plug In may need to be configured to use a specific character set when
55. list e Identify as client type Select a client type from the list The client type is used when connecting to an authentication server to assist in finding the correct client record The client type must match the license s client type or authentication will not be possible e Character encoding Select the character encoding for HTML form parameters from the list 5 Specify the login settings for the selected Web site 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 34 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms Login submit URL Base URL Specify the base URL Query string parameters Specify query string parameters for the Web site The query string parameters list contains URL parameters required as name va lue pairs by OWA when a login is submitted The DIGIPASS Authentication Plug In will only identify a request as a login if these variables are present in the query string CAUTION You need to type the parameter exactly as it will appear in the query string Form fields User name Specify the name for the user name field of the login page Password Specify the name for the password field of the login page Domain Specify the name for the domain field of the login page Failed login Base URL If required specify the base URL of the failed login page If the DIGIPASS Authentication Plug
56. ll rights reserved Unauthorized duplication or distribution is prohibited 67 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting If the IIS_IUSRS group and or the IUSR account are not listed see Section 6 1 2 3 Adding the IUSR account and IIS IUSRS group 6 1 2 2 Configuration file To set permissions for accessing the configuration file 1 Open Windows Explorer and browse to the installation directory 2 Right click on the Settings xml file and select Properties The Settings Properties Dialog is displayed xi General Securty Details Previous Versions Object name C Program Files VASCO DIGIPASS Authenticatiot Group or user names amp SYSTEM Administrators VMSRV2K8 EEB Administrators Users VMSRV2K8 EEB Users Ges o Figure 23 Setting Permissions for Accessing the Configuration File Switch to the Security tab Ensure that the IUSR account has Read permission selected Ensure that the IIS IUSRS group has the Read permission selected Q Qr ode e If changes were made to the permissions click Apply If the IIS IUSRS group and or the IUSR account are not listed see Section 6 1 2 3 Adding the IUSR account and IIS USRS group 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 68 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting 6 1 2 3 Adding the IUSR account and IIS_IUSR
57. me UsernameField Type STRING gt username lt Value gt lt Value Name PasswordField Type STRING gt password lt Value gt lt Key gt Value Name Encoding Type STRING gt UTF 8 lt Value gt Key Name LoginPage gt Value Name BaseURL Type STRING gt owa auth owaauth dll Value Key Name QueryStringParameterList gt Key Name QueryStringParameter0 Value Name NameValuePair Type STRING gt param0 valueO Value Key Key Name QueryStringParameterl Value Name NameValuePair Type STRING gt paraml lt Value gt lt Key gt lt Key Name QueryStringParameter2 gt Value Name NameValuePair Type STRING gt param2 lt Value gt lt Key gt lt Key gt lt Key gt Key Name FailedLoginPage gt lt Value Name BaseURL Type STRING gt owa auth logon aspx replaceCurrent l amp reason 2 lt Value gt Value Name ReturnErrorReasonEnabled Type BOOL gt TRUE Value Key Name SessionVariableList Key Name SessionVariable0 gt Value Name Name Type STRING gt sessid lt Value gt lt Key gt lt Key gt lt Key gt Key Name OneStepChallengeResponsePage gt lt Value Name BaseURL Type STRING gt 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 40 DIGIPASS Authentication for OWA Forms User Manual Configu
58. ms in the license agreement and click Next E DIGIPASS Authentication for OWA Forms 3 4 0 x License Agreement Please read the following license agreement carefully DiGIPASS authenticatk IMPORTANT NOTICE PLEASE CAREFULLY READ THE TERMS AND CONDITIONS OF THIS AGREEMENT THE AGREEMENT BEFORE USING VASCO PRODUCTS IF YOU ARE A CONSUMER YOU MAY HAVE CERTAIN STATUTORY RIGHTS THAT CANNOT BE MODIFIED BY CONTRACT NO PROVISION IN THIS AGREEMENT SHALL HAVE THE EFFECT OF MODIFYING THOSE STATUTORY RIGHTS TO THE EXTENT SUCH MODIFICATIONS ARE EXPRESSLY PROHIBITED BY APPLICABLE LAW zl Kaccept the terms in the license agreement eit Ido not accept the terms in the license agreement lt Back Cancel Figure 4 Installing DIGIPASS Authentication for OWA Forms 2 3 Specify the destination folder for DIGIPASS Authentication for OWA Forms and click Next The default destination folder referred to as INSTALLATION DIRECTORY in this document is 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 22 DIGIPASS Authentication for OWA Forms User Manual Installing DIGIPASS Authentication for OWA Forms a Program Files WASCOWDIGIPASS Authentication for ds Forms DIGIPASS Authentication for OWA Forms 3 4 0 Destination Folder a Click Next to install to this folder or dick Change to install to a different folder
59. n IDENTIKEY Server on Linux or aXsGUARD Identifier If the Use Windows user name resolution feature is disabled or unavailable it is essential that users always use the same login name If they try to log in using a different form of their Windows account name their login will be rejected unless a second DIGIPASS user account has been created 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 52 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 4 2 2 Case sensitivity Windows user names are not case sensitive If the ODBC database used by the authentication server is case sensitive ensure that user ID case is converted to lower case Upper case may also be used but will involve extra configuration steps The embedded PostgreSQL database is set to convert to lower case by default See the Encoding and Case Sensitivity section in the IDENTIKEY Server Administrator Guide for more information 4 4 2 3 Default domain Where users log in without entering a domain name or UPN the authentication server will need to be configured to use the correct domain There are two basic scenarios that might apply Change master domain If users will only ever be logging in to one domain via the authentication server the simplest solution is to set the master domain name to the fully qualified domain name of the required domain T
60. n Plug In to intercept authentication requests using the authentication server 3 Doone of the following e Click Add if you want to add a new Web site 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 33 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms e To modify the settings for a Web site select the Web site from the Web Sites list DIGIPASS Authentication Plug In Configuration Center 10 xl General Authentication Change OWA Forms authentication options Servers and Connections General Tracing IV Enable OWA Forms authentication DIGIPASS Authentication for OWA Forms Authentication Configuration for Microsoft Exchange Server 2007 Site name Microsoft Exchange Server 2007 Identify as client type outiook Web Access x Character encoding Unicode UTF 8 Login Login submit URL Base URL owa auth owaauth dll Query string Add parameters Delete Form fields User name username _ Password password Domain Failed login Base URL LO iL as Session variables ok c amy Figure 16 Configuring Authentication Settings 2 4 Specify the settings for the Web site as needed e Site name Specify a name for the Web site This name is used to distinguish the Web site in the Web Sites
61. nfiguration file directly This chapter covers the following topics e Using the DIGIPASS Authentication Plug In Configuration Center e Editing the Configuration File e Configuring Exchange to Work with the DIGIPASS Authentication Plug In e Configuring the Authentication Server 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 28 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 1 Using the DIGIPASS Authentication Plug In Configuration Center A graphical user interface GUI called DIGIPASS Authentication Plug In Configuration Center is available for use in configuring the DIGIPASS Authentication Plug In This provides a simple intuitive way to set up the DIGIPASS Authentication Plug In to work with your current system If this is the first time you have opened the DIGIPASS Authentication Plug In Configuration Center and the configuration file has not been edited the values you will see are those entered when the wizard was last run 4 1 1 Starting DIGIPASS Authentication Plug In Configuration Center To start DIGIPASS Authentication Plug In Configuration Center e Select Start gt All Programs gt VASCO gt DIGIPASS Authentication for OWA Forms gt Configuration Center OR Open Windows Explorer and launch INSTALLATION DIRECTORY gt VdsContig32 exe 32 bit systems or INSTALLATION DIRECTORY WdsCon
62. nnne 22 Figure 4 Installing DIGIPASS Authentication for OWA Forms 2 eennnnnnnnnn nnne 22 Figure 5 Installing DIGIPASS Authentication for OWA Forms 9 nnne 23 Figure 6 Installing DIGIPASS Authentication for OWA Forms dJ kaka 23 Figure 7 Using the Configuration Wizard 1 24 Figure 8 Using the Configuration Wizard 2 nennen 25 Figure 9 Using the Configuration Wizard 8 nnne nnns 25 Figure 10 Using the Configuration Wizard 4 26 Figure 11 Using the Configuration Wizard 5 26 Figure 12 Using the Configuration Wizard 6 nennen 27 Figure 13 Configuring Servers and Connections 1 nnns 30 Figure 14 Configuring Servers and Connections 2 sse 31 Figure 15 Configuring Authentication Settings 1 seen nnne 33 Figure 16 Configuring Authentication Settings 2 sse 34 Figure 17 Configuring Tracing Opti0S i silka aa a kla ala mereri 37 Figure 18 Modifying Authentication Settings Exchange 2007 47 Figure 19 Configuring Exchange 2010 1 sse enne nnne 49 Figure 20 Configuring Exchange 2010 2 ete ere eet ttr este eti eerte e bete yera en che a Ferte Hd leas 50 Figure 21 Configuring Exchange 2010 3 sssssseeeeeennnemenennenne nnne enne nnns 51 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 6 DIGIPASS Authentica
63. ntication for OWA Forms User Manual e lf you do not already have a license key file click on Request license from www vasco com This will take you to the VASCO Web site where you can request a license key and save it to your local machine 6 Review the settings you have specified and click Finish DIGIPASS Authentication Plug In Configuration x Ready to complete DIGIPASS Authentication Plug In configuration X The DIGIPASS Authentication Plug In will be configured after you dick Finish You have specified the following settings a IDENTIKEY IP address ab IDENTIKEY SEAL port 20003 a Local IP address licensing a Automatic web site configuration Save configuration 33 Create IDENTIKEY dient record Figure 12 Using the Configuration Wizard 6 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited Installing DIGIPASS Authentication for OWA Forms 27 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 Configuring DIGIPASS Authentication for OWA Forms This chapter describes how to configure the DIGIPASS Authentication Plug In Configuration settings can be modified in two ways The easiest method is via the DIGIPASS Authentication Plug In Configuration Center a graphical interface that allows you to make changes with a few mouse clicks Advanced users may prefer to edit the co
64. or set of instructions 5 3 1 Configuring the Login Page A simple option is to replace the default OWA login page with the one provided with the DIGIPASS Authentication for OWA Forms This will allow OWA to display an authentication server error or status code and message on the user s screen gt To display the login failure reason 1 Backup EXCHANGE DIRECTORY gt logon aspx to a suitable place 2 Copy the modified login page from lt INSTALLATION DIRECTORY gt Templates OWAF lt VERSION gt logon aspx or other location if using a custom login page to lt EXCHANGE DIRECTORY gt logon aspx 3 Inthe DIGIPASS Authentication Plug In Configuration Center select Return failure reason and specify the base URL of the failed login page 5 3 1 1 Modifying the custom login page If you have a custom logon aspx page in use you may need to modify it rather than replacing it with the logon aspx page provided with the DIGIPASS Authentication Plug In NOTE The logon aspx page will also be set up for one step challenge response However these portions of the page will be ignored by the DIGIPASS Authentication Plug In unless one step challenge response is enabled in the configuration To modify the custom login page for displaying login failure reason 1 Backup EXCHANGE DIRECTORY Nogon aspx to a suitable place 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is
65. orms User Manual Troubleshooting 3 Verify that DIGIPASS Authentication for OWA Forms is in the Modules list Internet Information Services IIS Manager Go S gt vsrvaxe eea gt ja Ele View Help a Modules Ezan li I amp I Add Managed Module Wy Start Page Configure Native Modules 5 85 WMSRVKGEEB yMSRVaKgegg Use this feature to configure the native and managed code modules that process requests made to the Web server 2 RN 2 Application Pools Group by No Grouping n 2 8 Sites L Name Code Module T AnonymousAuthenticationModule windir System32 netsrv au Native Local X Remove CustomErrorModule windir System32 jnetsrv ku Native Local View Ordered List DefaultDocumentModule windir e System32 inetsrv de Native Local IPASS cation for orms C Program Files VASCO DIGIPA o DirectoryListingModule windir System32 netsrv dirl Native Local Online Help HttpCacheModule ewindir System32 netsrv ca Native Local HttpLoggingModule windir System32 jnetsrv jog Native Local ProtocolSupportModule windir System32 jnetsrv pr Native Local RequestFilteringModule Yewindir System32 netsrv no Native Local StaticCompressionModule windir System32 jnetsrv ko Native Local StaticFileModule Swindir System32 netsrv st Native Local OOO O 4 pf Features vien Ji 2 Content View Configuration localhost applicationHos
66. oup check mode is set to Pass Back and DIGIPASS Users is placed in the Group list This will mean that any logins by users not in the DIGIPASS users group will be ignored not rejected by the authentication server in the IDENTIKEY Windows Password Replacement policy If you need different settings either select a different policy e g Self Assignment or Auto Assignment for the DIGIPASS Authentication Plug In component or copy the password replacement policy to a new record modify the new policy as required and use the new policy for the DIGIPASS Authentication Plug In component 4 4 3 1 DIGIPASS users log in with OTP only Windows user accounts The following settings are recommended for this scenario Back end authentication e Back end authentication if needed e Back end protocol Windows IDENTIKEY Server or Microsoft AD aXsGUARD Identifier These settings allow the authentication server to check user login details with Active Directory in case of DUR password autolearn and Self Assignment logins through the DIGIPASS Authentication Plug In DIGIPASS user account handling e Dynamic user registration enabled e Password autolearn enabled e Stored password proxy enabled These settings allow the authentication server to create an account for an unrecognized user based on a successful Windows or Active Directory authentication The authentication server can then store the user s Active Directory password and replay it to
67. prohibited 61 DIGIPASS Authentication for OWA Forms User Manual Post Installation Tasks 2 Open logon aspx which is located in lt INSTALLATION DIRECTORY gt Templates OWAF lt VERSION gt 3 Copy the following pieces of code to the appropriate location in your custom login file CAUTION Make sure you insert the VASCO code to the correct location in the file Refer to the example login file delivered with the DIGIPASS Authentication Plug In to find out where the VASCO code needs to go in your custom login page lt DIGIPASS Authentication for OWA Forms modifications START The following is required to display DIGIPASS failure reason gt System String VascoFailCode System Web HttpUtility UrlDecode Request QueryString failcode System String VascoFailMessage System Web HttpUtility UrlDecode Request QueryString failmessage if System String IsNullOrEmpty VascoFailCode VascoFailMessage VascoFailCode VascoFailMessage if String IsNullOrEmpty VascoFailMessage 5 amp gt lt DIGIPASS Avithentrecatizon tor OWA Forms modifications ANN D 2 gt lt DIGIPASS Authentication for OWA Forms modifications START gt lt The following is required to display DIGIPASS failure reason gt else 5 amp gt lt td gt DIGIPASS error amp nbsp lt VascoFailMessage gt lt td gt lt 5 gt lt DIGIPASS Authentication for OWA Forms modif
68. r name resolution dynamic user registration 52 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 79
69. racing Tracing level DIGIPASS Authentication for OWA Forms a No tracing Basic tracing Authentication C Full tracing Tracing destination Tracing file E Program Files VASCO DIGIPASS Authentication for OWA Forms Log DIGIPASSPlugin_IIS_OWAFo Browse Note Make sure IIS has access rights to the selected location or there will be no output Figure 17 Configuring Tracing Options 3 Ifyou have selected basic or full tracing specify the path and filename for the tracing file The file path must be the full absolute path Relative paths may be misinterpreted in the IIS environment so that the trace file cannot be written to 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 37 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 Click Apply for your changes to take effect 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 38 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 2 Editing the Configuration File The DIGIPASS Authentication Plug In Configuration Center writes to an XML file named Settings xml in the installation directory It is possible to edit this file directly instead of using the Configuration Center NOTE This option is recommended only for advanc
70. rc a b da ka ar lan E da baas ak dad 14 2 4 Server Connection Management sese nennen nnn 15 2 4 1 CORTE COO RTOS NT n bn DD r tutt rn ere Eee LN NOTTE IUS 15 2 4 2 CONMECTION ODEOFIS icai cerco t rrr ent E pter per Feat DEC Een RE snes og 15 2 4 3 Standard Server Setup sse eene eren nne inneren 16 P CNEM IC OU PER mm Es 17 3 Installing DIGIPASS Authentication for OWA Forms eennn mmn 18 3 1 System Requirements sssseennnmnenennnmemnnnnnn nennen nnne nnn nnns 19 3 1 1 Software Requirements seeeeenrenn nee nre rennen rennen rennen 19 3 2 Pre Installation Tasks L nnnm nnne nennen nennen nn nnn nins 20 3 2 1 Installing the Authentication Server sssseeenen nnne 20 3 2 2 llS and EXC NaN Eirinen een ee err e et e er CEP P e ete Dr er n EP eei rr e EE 20 3 2 3 Information NBBOB s ccce tne creer Pee deer t dan exter Bc CP n e ish cm PR cet ce tp nr 20 3 24 ME a E E EE E EE E E E E 21 3 3 Installing DIGIPASS Authentication for OWA Forms eene 22 3 4 Using the DIGIPASS Authentication for OWA Forms Configuration Wizard ccscccccccssssssssssssteseeesssssesenes 24 3 4 1 Configuring DIGIPASS Authentication for OWA Forms esee 24 4 Configuring DIGIPASS Authentication for OWA Forms eeeeennn mmn 28 4 1 Using the DIGIPASS Authentication Plug In Configuration Center
71. ring DIGIPASS Authentication for OWA Forms OWA auth logon aspx lt Value gt lt Value Name Enabled Type BOOL gt TRUE lt Value gt Key Name QueryStringParameterList gt Key Name QueryStringParameter0 gt Value Name NameValuePair Type STRING gt method oscr Value Key Key Key Key Name TwoStepChallengeResponse gt Value Name TemplateFilename Type STRING gt C Program Files VASCO DIGIPASS Authentication for OWA Forms Templates Common Challenge template html lt Value gt lt Value Name FormMethod Type STRING gt POST lt Value gt lt Key gt lt Key gt lt Key gt lt Key gt lt Profile gt 4 2 2 Configuration Settings This section lists configuration settings and their default values After DIGIPASS Authentication Plug In installation Settings xml contains only a few basic settings After the configuration wizard is completed the file is filled with the default configuration for OWA forms 4 2 2 1 Servers and connections Servers and Connections gt LocallPAddress The address from which to connect to the authentication server The default value is the IP address automatically detected by the install program If more than one IP address was detected this value will be the IP address selected during installation Servers and Connections gt ServerLoadBalancing Enable disable load balancing for connections to authentic
72. rms User Manual Post Installation Tasks 5 2 3 1 Modifying the custom login page If you have a current login page in use which differs from the standard OWA login page you may need to modify it rather than replacing it with the login page provided with the DIGIPASS Authentication Plug In When the DIGIPASS Authentication Plug In detects a request for the login page it adds the following headers to the request before passing it on e VASCO Challenge contains the string challenge to be displayed to the user e g 1234 e VASCO State contains data that needs to be passed as the field VMExt State on the login request gt To modify the custom login page for one step challenge response 1 Backup EXCHANGE DIRECTORY gt logon aspx to a suitable place 2 Open logon aspx which is located in INSTALLATION DIRECTORY gt Templates OWAF VERSION 3 Copy the following piece of code to the appropriate location in your custom login file CAUTION Make sure you insert the VASCO code to the correct location in the file Refer to the example login file delivered with the DIGIPASS Authentication Plug In to find out where the VASCO code needs to go in your custom login page ZU ES DIL DA Se PA WERD TET a E Ton for OWA Forms modsiacaraeons 3 SLART gt lt The following is required for one step challenge response gt System String VascoChallenge Request ServerVariables HTTP VASCO CHALLENGE System String VascoS
73. rver for the DIGIPASS Authentication Plug In The configuration wizard can create the required record if a connection to the authentication server and an administrator account with sufficient privileges is available If the configuration wizard does not create a client record this must be done manually e The Component type should be set to Outlook Web Access e The Location should be set to the same IP address as in the Connect from IP address setting in the DIGIPASS Authentication Plug In Configuration Center e Select a policy for the authentication server to use when processing authentication requests from the DIGIPASS Authentication Plug In A valid license key must be obtained for the DIGIPASS Authentication Plug In and loaded in to the client record 4 4 2 Configuring for Windows User Accounts 4 4 2 1 Windows user name resolution If the authentication server is installed on a Windows platform and is using an ODBC database including the embedded database as its data store it is recommended that you enable Windows user name resolution This allows the authentication server to use Windows functionality to resolve a user ID as entered during a login into a user ID and domain It is highly recommended if dynamic user registration will be enabled This setting is not required where the authentication server is using Active Directory as its data store name resolution will occur automatically This setting is not available o
74. s DIGIPASS Authentication Plug In Configuration Center ni x General Servers and Connections Change IDENTIKEY Server and connection options Servers and Connections Authentication Servers Tracing Authentication servers DIGIPASS Authentication for OWA Forms Authentication Move up zd Move down Connect from IP address z Note IP address should match the DIGIPASS Authentication Plug In license configured at the IDENTIKEY Server s used Enable load sharing Configuration for Main Server Server details Display name Main Server Paess TT TUT SEAL port 20003 F Use SSL Server type Primary v Test Connection parameters Timeout in sec o Maximum connections fo Minimum reconnect interval in sec fo a Maximum reconnect interval in sec 10 Secure connections Use Windows built in CA certificate repository Load CA certificates from file Certificate file Browse Note The certificate file must contain CA certificates for all SSL connections specified in the authentication servers list Figure 14 Configuring Servers and Connections 2 3 Select an IP address from the Connect from IP address list from which to connect to the authentication server 4 Select Enable load sharing if you want to use a backup server For more information refer to Section 2 4 1 Connection Profiles 5 Specify the server settings as needed e D
75. s is replaced with any fields submitted from the login page and has 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 63 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting 6 Troubleshooting This chapter provides information about possible issues that may occur when working with DIGIPASS Authentication for OWA Forms Read this chapter carefully as it may help you find and identify issues This chapter covers the following topics e DIGIPASS Authentication Plug In Installation Problems e Other Troubleshooting Options e Repairing the Installation 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 64 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting 6 1 DIGIPASS Authentication Plug In Installation Problems The installation program for the DIGIPASS Authentication Plug In will usually complete the following tasks automatically However if it fails in these tasks for some reason an error message will be displayed during installation These steps can then be followed to complete the installation manually If you are having trouble running the authentication server and the DIGIPASS Authentication Plug In for the first time following these steps may help you track down the problem and fix it manually 6 1 1 Checking File Placement 2012 VASCO Da The followin
76. sent in the query string 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 35 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms CAUTION You need to type the parameter exactly as it will appear in the query string CAUTION If a Web site is configured to use the same base URL and query string parameters for both response only and one step challenge response login the DIGIPASS Authentication Plug In will not be able to distinguish between them In this case it will attempt to perform a one step challenge response authentication In addition if you have multiple Web sites configured to use the same base URL and query string parameters the topmost Web site definition in the list will take precedence for authentication 7 Click Apply for your changes to take effect 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 36 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms 4 1 4 Configuring Tracing gt To configure settings for tracing 1 Start DIGIPASS Authentication Plug In Configuration Center and select Tracing 2 Specify the tracing level For more information refer to Section 2 5 Tracing Anl xl General Tracing Change tracing options Servers and Connections Tracing T
77. sers are Active Directory users on a Windows platform it is recommended that the Use Windows user name resolution feature on the authentication server is enabled This uses Windows functions to identify user IDs as Windows user accounts including the domain to which the account belongs This feature is not available on Linux platforms or the aXsGUARD Identifier If the Use Windows user name resolution feature is disabled it is essential that users always use the same login name If they try to log in using a different form of their Windows account name their login will be rejected unless a second DIGIPASS user account has been created 3 2 2 IIS and Exchange Ensure IIS and Exchange are installed and working correctly The DIGIPASS Authentication Plug In must be installed on the IIS server where Outlook Web Access is running 3 2 3 Information Needed Before you begin installation of the DIGIPASS Authentication Plug In ensure that you have the following information easily accessible as you will need to enter this during the installation e P address and port number of the authentication server To check this open the authentication server configuration and check the Component location and SEAL port fields e Source IP address on the local machine to use when connecting to the authentication server if multiple IP addresses are configured for this machine as this affects licensing see below 2012 VASCO Data Security Intern
78. swords The plug in intercepts authentication requests validates the OTP and replaces it with the static password expected by the back end The OTPs are validated using an IDENTIKEY Server or aXsGUARD Identifier The DIGIPASS Authentication Plug In is a native module for IIS 7 x o DIGIPASS Accept reject bs Authentication em Plug In 232 User ID and 2 OTP Authentication request User ID and OTP and server PIN if required Static password IDENTIKEY Server or aXsGUARD Figure 1 DIGIPASS Authentication for OWA Forms Overview 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 12 DIGIPASS Authentication for OWA Forms User Manual DIGIPASS Authentication for OWA Forms Overview 2 2 DIGIPASS Authentication Plug In Terminology The following definitions describe how these terms are used in this document They are also used in other IIS plug in manuals Authentication server The term authentication server refers to the component to which the DIGIPASS Authentication Plug In sends authentication requests This component is e ForIDENTIKEY Server the IDENTIKEY Server service or daemon e For aXsGUARD Identifier the IDENTIKEY Server daemon Basic authentication A method of authentication that uses the HTTP basic authentication mechanism This uses a login pop up box provided by the browser Client record Th
79. t config Figure 25 Ensuring the DIGIPASS Authentication Plug In Is Registered gt If DIGIPASS Authentication for OWA Forms is not listed 1 Inthe Actions panel select Configure Native Modules The Configure Native Modules Dialog is displayed axi Select one or more registered modules to enable Figure 26 Registering DIGIPASS Authentication for OWA Forms in IIS 1 2 Click Register The Register Native Modules Dialog is displayed 3 Type DIGIPASS Authentication for OWA Forms into the Name field browse to lt INSTALLATION DIRECTORY DIGIPASSPIugin IIS OWAFormsMT32 dll 32 bit systems or INSTALLATION 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 70 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting DIRECTORY gt DIGIPASSPlugin_IIS_OWAFormsMT64 dll 64 bit systems and click OK 2l xl Register Native Module fe Progra res VASCO DIGIPASS Authentication for OWA For sx Figure 27 Registering DIGIPASS Authentication for OWA Forms in IIS 2 4 Select DIGIPASS Authentication for OWA Forms and click OK EEE ES Configure Native Modules Figure 28 Registering DIGIPASS Authentication for OWA Forms in IIS 3 DIGIPASS Authentication for OWA Forms appears in the Modules list 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplica
80. tallation 1 1 2 Document Conventions The following typographic style conventions are used throughout this document Typography Meaning Boldface Names of user interface widgets e g the OK button Blue Values for options placeholders for information or parameters that you provide e g select Server name in the list box UPPERCASE Keyboard keys e g CTRL for the Control key Monospace Commands you are supposed to type in or are displayed in a command prompt shell including directories and filenames API functions and source code examples blue underlined Internet links The following visual hint colour schemes are used throughout this document NOTE Notes contain important supplementary information 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 9 DIGIPASS Authentication for OWA Forms User Manual Introduction CAUTION Cautions contain warnings about possible data loss breaches of security or other more serious problems 1 1 3 Providing Feedback Every effort has been made to ensure the accuracy and usefulness of this manual However as the reader of this documentation you are our most important critic and commentator We appreciate your judgment and would like you to write us your opinions suggestions critics questions and ideas Please send your commentary to documentation vasco com To
81. tate Request ServerVariables HTTP VASCO STATE if System String IsNullOrEmpty VascoState amp amp System String IsNullOrEmpty VascoChallenge SEES lt td nowrap gt lt label for vascochallenge gt Challenge lt label gt lt td gt lt td class txtpad gt lt input id vascochallenge name challenge type text class txt readonly true value lt VascoChallenge gt gt lt td gt Asa input name DPExtState type hidden value VascoState gt gt lt DIGIPASS Authentication for OWA Forms modifications END gt 4 Save and close the custom login file 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 60 DIGIPASS Authentication for OWA Forms User Manual Post Installation Tasks 5 3 Displaying the Login Failure Reason NOTE This step is OPTIONAL for all installations The DIGIPASS Authentication Plug In may be configured to pass information to OWA when it fails an authentication request This information may be used to provide users with an explanation of why their login failed and steps that they may be able to take to rectify the problem The authentication server will pass the error or status code and message text for the authentication server to OWA which may then display the message verbatim or interpret the code to provide the user with a clear explanation
82. the DIGIPASS Authentication Plug In in place of the one time password entered by the user on future logins DIGIPASS assignment mode Either Self Assignment or Auto Assignment would typically be used in this scenario although manual assignment may also be used Local authentication The typical setting for local authentication would be DIGIPASS Password meaning that users usually need to use an OTP when logging in but are not required to in some circumstances e g in grace period 4 4 3 2 DIGIPASS users log in with password and OTP Windows user accounts The following settings are recommended for this scenario 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 54 DIGIPASS Authentication for OWA Forms User Manual Configuring DIGIPASS Authentication for OWA Forms Back end authentication e Back end authentication if needed e Back end protocol Windows IDENTIKEY Server or Microsoft AD aXsGUARD Identifier These settings allow the authentication server to check user login details with Windows or Active Directory in case of DUR and Self Assignment logins through the DIGIPASS Authentication Plug In DIGIPASS user account handling e Dynamic user registration enabled e Password autolearn disabled e Stored password proxy disabled These settings allow the authentication server to create an account for an unrecognized user based on a successful Windows
83. tion for OWA Forms User Manual Table of Contents Figure 22 Setting Permissions for Tracing ssss nnne 67 Figure 23 Setting Permissions for Accessing the Configuration File 68 Figure 24 Adding the lS sUSRS GIOUD ccrte eterne er eee tre wee tenere nes 69 Figure 25 Ensuring the DIGIPASS Authentication Plug In Is Registered 70 Figure 26 Registering DIGIPASS Authentication for OWA Forms in IIS 1 70 Figure 27 Registering DIGIPASS Authentication for OWA Forms in IIS 2 71 Figure 28 Registering DIGIPASS Authentication for OWA Forms in IS 3 nnne 71 Figure 29 Repairing the Installation nnn nnnm nre 74 Figure 30 Removing DIGIPASS Authentication for OWA Forms seee enne 76 Index of Tables Table 1 EdnguageCOd6S scontri certe rer rre P rer tree Fe P rerba ve rn 44 Table 2 Installation Structure of DIGIPASS Authentication for OWA Forms 65 2012 VASCO Data Security International Inc All rights reserved Unauthorized duplication or distribution is prohibited 7 DIGIPASS Authentication for OWA Forms User Manual Introduction 1 Introduction Welcome to the DIGIPASS Authentication for OWA Forms User Manual This document provides information you will need to install and use DIGIPASS Authentication for OWA Forms This guide provides information about e the DIGIPASS Authentication for OWA Forms features and functionalities e how to install DIGIPASS Authentication for OWA Forms e
84. tion or distribution is prohibited 71 DIGIPASS Authentication for OWA Forms User Manual Troubleshooting 6 2 Other Troubleshooting Options If you are still having problems after checking that all installation and configuration settings for the DIGIPASS Authentication Plug In are correct follow these steps to check for other possible problems 6 2 1 Application Pools If the DIGIPASS Authentication Plug In stops working properly open Internet Information Services IIS Manager and make sure the corresponding application pool is started Restarting the server does not restart the application pool 6 2 2 No Trace File If there is no trace file or no new entries are written to the file check the Windows events for any warnings or errors generated by a failure to load the DIGIPASS Authentication Plug In into IIS 6 2 3 Information from Trace File To view trace file information 1 Setthe DIGIPASS Authentication Plug In to tracing 2 Attempt a login 3 Checkthe trace file for information on the start up conditions of the DIGIPASS Authentication Plug In and of the login attempt 6 2 4 Authentication Server If the DIGIPASS Authentication Plug In appears to load and update but you are unable to achieve a successful login check the authentication server Open the Audit Viewer to e check available audit messages in the audit files or database e configure a live audit connection from the authentication server and retry a login
Download Pdf Manuals
Related Search