Set Up 1-Step Challenge/Response Logon

This step is only required if 1-step Challenge/Response is being implemented.

Implementing 1-step Challenge/Response logon requires a modification of the logon page used by OWA. You can use the example logon page, which is located in %PROGRAMFILES%\OneSpan\Digipass Authentication for OWA Forms\Templates\OWAF VERSION. To use a logon page which has been customized for your company – e.g. colors and graphics – follow the instructions in Modify the custom logon page.

To configure the authentication server

• Enable 1-step Challenge/Response in the policy for the Digipass Authentication Module client record. For more information about the policy settings required for 1-step Challenge/Response, see Policy.

To configure the Digipass Authentication Module

• Enable 1-step Challenge/Response in the Digipass Authentication for OWA Forms Configuration Center. You can do so for the main website, or for a dedicated website only for 1-step Challenge/Response logons.

To configure the logon page

1. Back up owa_directory\auth\logon.aspx to a suitable place.

2. To use the default logon page supplied with Digipass Authentication for OWA Forms, copy the logon page from %PROGRAMFILES%\OneSpan\Digipass Authentication for OWA Forms\Templates\OWAF VERSION\logon.aspx to %windir%\web\owa_directory\auth\logon.aspx.

   -OR-

   modify the existing page with OneSpan code.

   Modifying the existing page with custom OneSpan code should only be used as an alternative if copying over the templates does not work. This might be the case because the logon page was modified by Microsoft, e.g. with a patch. In that case, you need to modify the page manually: compare the template with the original file and merge the Digipass sections into the original file.

Modify the custom logon page

If your current logon page is not the standard OWA logon page, you may need to modify it rather than replace it with the logon page provided with the Digipass Authentication Module.

When the Digipass Authentication Module detects a request for the logon page, it adds the following headers to the request before passing it on:

• VASCO-Challenge: contains the string challenge to be displayed to the user, e.g. 1234

• VASCO-State: contains data that needs to be passed as the VMExtState field on the logon request.

To modify the custom logon page for 1-step Challenge/Response

1. Back up owa_installation_folder\auth\logon.aspx to a suitable place.

2. Open logon.aspx, which is located in %PROGRAMFILES%\OneSpan\Digipass Authentication for OWA Forms\Templates\OWAF version\.

3. Modify the existing page with OneSpan code.

   Copy the following code snippet to the appropriate location in your custom logon file:

   Make sure you insert the OneSpan code in the correct location in the file. Refer to the example logon file delivered with the Digipass Authentication Module to find out where the OneSpan code needs to go in your custom logon page.

<!-- DIGIPASS Authentication for OWA Forms modifications : START -->
<!--The following is required for one-step-challenge response -->
<%
System.String VascoChallenge =
Request.ServerVariables ["HTTP_VASCO_CHALLENGE"];
System.String VascoState = Request.ServerVariables ["HTTP_VASCO_STATE"];
 
if (!System.String.IsNullOrEmpty (VascoState) &&
!System.String.IsNullOrEmpty (VascoChallenge)) {
%>
    <tr>
      <td nowrap><label for="vascochallenge">Challenge:       </label></td>
      <td class="txtpad">
        <input id="vascochallenge" name="challenge"         type="text" class="txt" readonly="true"         value="<%=VascoChallenge %>">
      </td>
    </tr>
    <input name='DPExtState' type='hidden' value=     '<%= VascoState %>'>
<%
}
%>
<!-- DIGIPASS Authentication for OWA Forms modifications : END -->

4. Save and close the custom logon file.