Procedures for Configuring Connections to the ActivID Authentication Server
You can also issue smart cards containing SKI Symmetric Key Infrastructure or OATH Open Authentication applications using the ActivID Authentication Server (AS). The ActivID AS can manage a heterogeneous end-user population and supports multiple authentication channels, different types of authenticators and authentication policies. The SKI and OATH applications allow the user to access resources (for example, different applications or computers) using a dynamic password generated by a smart card. This authentication method requires the ActivID AS to manage access to the resources.
So that it can manage SKI/OATH credentials, ActivID CMS communicates with one or more ActivID ASs. Managing SKI/OATH credentials includes the following SKI/OATH key-related operations:
-
Issuing
-
Revoking
-
Suspending
-
Resuming
It does NOT, however, include the following operations:
-
SKI/OATH credential resynchronization based on One-Time Password
-
SKI/OATH credential resynchronization based on Clock and Counter
-
SKI/OATH Authentication Logs display
-
User's SKI/OATH Information display
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
An ActivID Authentication server / Appliance SKI Connector for ActivID CMS is running.
ActivID CMS is connected to the ActivID Authentication server / Appliance SKI Connector.
You have the administrator credentials to authenticate to the ActivID Authentication server / Appliance.
You have the rights to create a new ActivID Authentication server / Appliance or duplicate an existing server.
-
Go to the Repositories Management page.
-
To create a new server, click Add Authentication Server.
-
From the Provider drop-down list, select ActivID Authentication Server.
-
From the Template drop-down list, accept the default template.
-
Click Submit. The AAA Authentication, Authorization, and Accounting Administration Server Creation page appears:
-
Enter the appropriate information:
-
Name—Enter a name for the ActivID Authentication Server / Appliance (which must be unique within ActivID CMS).
-
Host—Enter the name or IP address of the computer system hosting the ActivID Authentication Server / Appliance.
-
Port—Accept the default value (443).
-
User Name—Enter the username used by ActivID CMS to connect to the ActivID Authentication Server / Appliance.
Note: By default, the ActivID AS username for ActivID CMS is “spl-cmsadmin”.
-
User Password—Enter the password used by ActivID CMS for the ActivID Authentication Server / Appliance user.
-
Authentication Policy—Accept the default value (AT_SYSLOG).
-
Channel Code—Accept the default value (CH_CMS).
-
Security Domain—Enter the security domain identifier. This identifier has to be previously configured in the ActivID Authentication Server / Appliance.
-
-
Click Test to verify that the connection is working.
-
Click Create to declare the new server.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
-
Go to the Repositories Management page.
-
Locate the ActivID AS / Appliance connection you want to update in the Authentication Servers panel on the page, in the Name column.
-
In the Action column, click Update. The Authentication Server Update page appears.
-
Modify the information as required.
-
Click Test to verify that the connection is working.
-
Click Update.
-
When the confirmation message appears, click Done.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
-
Go to the Repositories Management page.
-
Locate the ActivID AS in the Authentication Servers panel on the page, in the Name column.
-
In the Action column, click View. The Authentication Server Information page appears.
-
Click Done to return to the main page.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
Removing an ActivID Authentication server or ActivID Appliance from the ActivID CMS database does not physically remove the server. However, ActivID CMS will be unable to manage the credentials issued by that server.
-
Go to the Repositories Management page.
-
Locate the ActivID Authentication server / Appliance in the Authentication Servers panel on the page, in the Name column.
-
In the Action column, click Delete. The Authentication Server Deletion page appears.
-
Click Delete.
-
When the confirmation message appears, click Done.