Limitations of RADIUS support in OneSpan Authentication Server Appliance
  • 31 Dec 2024

RADIUS support of OneSpan Authentication Server Appliance has some caveats and limitations.

Limitations of RADIUS password protocols

Some OneSpan Authentication Server Appliance features are not supported with CHAP or MS-CHAP, because these protocols hash the logon data together, so the server cannot separate the individual entries.

The following features are unsupported:

  • You cannot perform self-assignment.
  • You cannot change the server PIN.
  • You cannot use Challenge/Response.
  • Windows back-end authentication is not supported, unless the user ID and Windows password are manually stored and stored password proxy is enabled.
  • You cannot use password autolearning, because clear text passwords cannot be identified.
  • Virtual Mobile Authenticator OTP requests are not supported.
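
Why hashing the logon data together causes these restrictions, as an added example (not OneSpan code): with PAP the server recovers the clear-text logon field and can split it, while with CHAP it receives only an MD5 digest that it can compare against entries it already holds. The shared secret, password, OTP and the "static password followed by a 6-digit OTP" layout are constructed assumptions.

```python
import hashlib
import hmac

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same keystream gives back the clear-text logon field."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def split_logon(field: bytes, otp_len: int = 6) -> tuple:
    """Assumed layout (not from the page): static password, then fixed-length OTP."""
    return field[:-otp_len], field[-otp_len:]

def chap_response(chap_id: int, logon: bytes, challenge: bytes) -> bytes:
    """RFC 2865 5.3 / RFC 1994: MD5(id + logon data + challenge), one-way."""
    return hashlib.md5(bytes([chap_id]) + logon + challenge).digest()

def chap_verify(chap_id, response, challenge, stored_password, expected_otp) -> bool:
    """Server can only rebuild the digest from entries it already holds."""
    candidate = chap_response(chap_id, stored_password + expected_otp, challenge)
    return hmac.compare_digest(candidate, response)

if __name__ == "__main__":
    secret, auth = b"constructed-secret", bytes(range(16))  # constructed values
    logon = b"Winter-Pass!" + b"492817"                     # constructed password + OTP
    print(split_logon(pap_recover(pap_hide(logon, secret, auth), secret, auth)))
    challenge = bytes(range(16, 32))
    resp = chap_response(7, logon, challenge)
    print(chap_verify(7, resp, challenge, b"Winter-Pass!", b"492817"))  # stored password known
    print(chap_verify(7, resp, challenge, b"", b"492817"))  # nothing stored: cannot autolearn
```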

These limitations also apply to the following protocols:

  • EAP-TTLSv0/CHAP
  • EAP-TTLSv0/MSCHAP
  • EAP-TTLSv0/MSCHAP2
  • EAP-TTLSv0/EAP-MSCHAP2
  • PEAPv0/EAP-MSCHAP2
  • PEAPv1/EAP-MSCHAP2

Using OneSpan User Websites can circumvent many of these problems by allowing users to manage their account and authenticators. Users can:

  • Perform self-assignment.
  • Change their server PINs.
  • Change their own stored static password.

Unsupported RADIUS password protocols

The following RADIUS password protocols are unsupported:

  • MSCHAP with LM Hash.
  • The password change mechanism for MS-CHAP and MS-CHAP v2.

Limitations of international character support

A number of OneSpan Authentication Server Appliance components provide international character support, but some limitations apply:

RADIUS

International character support in OneSpan Authentication Server Appliance using the RADIUS protocol depends on the RADIUS client(s) used. If a RADIUS client uses UTF-8 encoding, international characters will be fully supported. If a RADIUS client uses a localized encoding (e.g., ISO-8859-13), the same locale setting must be configured on each computer.

If OneSpan Authentication Server Appliance is used as an intermediary between a RADIUS client and RADIUS server, verify the encoding expected/required by the RADIUS server. If the RADIUS server requires any encoding format other than UTF-8, you need to configure OneSpan Authentication Server Appliance accordingly.

Web

Digipass Authentication for OWA Basic and Digipass Authentication for OWA Forms limit international character support to a single configured encoding.

Limitations of web basic authentication

In OneSpan Authentication Server Appliance, the HTTP basic authentication mechanism does not support a 2-step logon process. Challenge/Response is also unsupported.

Limitations for score-based authenticator applications

Score-based authenticator applications do not support CHAP-based RADIUS authentications.

