This paper outlines general recommendations and best practices related to the design of a VACMAN Controller database for client implementations. The intent is to provide a starting point that customers may use to support standard VASCO implementations and as a foundation for further customization to achieve customer data storage requirements.
When configuring an MDC profile on Linux, you can get an error “Certificate file could not be found”. Keywords: MDC, mdcconfiggui, Linux
When configuring IDENTIKEY Authentication Server with Thales nShield HSM, the IDENTIKEY configuration wizard fails with the error “Error from command [GetKeyInfoEx] : [CrossModule]”
How to configure Online time synchronization with the VASCO time server for DIGIPASS for Mobile.
A customer would like for example the email attribute released from Active Directory after a successful authentication from IFS to IAS. In this article we will describe how to configure this, based on the example of the IFS built-in userpage with Radius authentication to IAS.
User accounts in IDENTIKEY Authentication Server (IAS) can be set to expire on a specific date by setting the “Expires” feature on the user account. This field is typically used for temporary users such as contractors or external auditors. IAS does not automatically delete "expired" users.
When an IAS administrator authenticates via an IAS policy which is set to reject local admins you will see this Error Message: 'Policy specifies 'Reject' in its 'Privileged Users' setting and the authenticating user has administrative privileges. This logon will be rejected.'
When using Microsoft Active Directory with IAS for back-end authentication, the back-end server should be configured accordingly. As such, if Active Directory is configured to communicate via SSL, then IDENTIKEY Authentication Server must also be configured to use SSL with Active Directory.
When an authentication fails with error message “The user domain does not match the accepted domain”, this means that the accepted domain feature in IDENTIKEY Authentication Server (IAS) is configured for a domain that is different from the domain of the user who is authenticating.
When you have multiple subdomains for backend authentication, you can use the global catalog option in IDENTIKEY Authentication Server(IAS) (When you have more than 2 subdomains, you must use the Global Catalog option. See KB article KB 140177 for details). Important to know is that the ldap bind user must be the same on the top level domain and all subdomains,...