Integration with PINsafe

From Swivel Knowledgebase Wiki

Contents 1 Overview 2 What We Need to Know 3 Authentication Technologies 3.1 RADIUS Authentication 3.2 Agent-XML 4 Authentication Transports 4.1 SMS Authentication 4.2 Single Channel Graphical Image 4.3 Email Authentication 4.4 Mobile Phone Application

Overview

This document outlines generic information for the integration of PINsafe for authentication.

What We Need to Know

1. What needs to be integrated with?

• Product Name
• Version
• Is a test system available for access or a download available

2. Does it support RADIUS Authentication (PINsafe is a RADIUS server)

3. What Authentication transport is to be used?

• Single Channel Graphical Image
• SMS
• Mobile Phone Applet
• Email
• All the above

Authentication Technologies

PINsafe has two methods of authenticating users:

RADIUS Authentication

PINsafe is a RADIUS server and supports PAP, CHAP, MSCHAP, MSCHAP v2. Most authentication devices use RADUS for authentication. If the device supports RADIUS then integration is possible.

Agent-XML

If RADIUS authentication is not supported then PINsafe can use its own authentication technology. This may require development work.

Authentication Transports

SMS Authentication

This is where the authentication is sent in an SMS text message. If the access device supports RADIUS then SMS integration is usually straight forward.

Single Channel Graphical Image

This is where the user receives their security string and authenticates by the same channel (i.e. the internet). The Image is normally embedded into the login page using a script, supported by the login page such as a java script. This usually requires that the login page is customisable to run the scripts. The username is taken from the login page and sent to the PINsafe server as part of the following request:

https://IP:8443/SCImage?username=<username>

Where this is not possible a task bar application is available, see Taskbar How to Guide. Authentication is usually by email.

PINsafe offers a variety of methods including:

Turing Image

PATTern Image

BUTton Image

Email Authentication

Authentication information sent by email. If the access device supports RADIUS then Email integration is usually straight forward.

Mobile Phone Application

This is where the mobile phone requests a number of security strings, it is normally dual channel authentication, as the security strings are requested from the PINsafe server accross the wireless network. If the access device supports RADIUS then SMS integration is usually straight forward.

Fore more information see the Mobile Client guides.