Passwrdstate SafeNet Tw-Factr Cnfiguratin This dcument and the infrmatin cntrlled therein is the prperty f Click Studis. It must nt be reprduced in whle/part, r therwise disclsed, withut prir cnsent in writing frm Click Studis.
Table f Cntents 1 INTRODUCTION... 3 2 INSTALLING BLACKSHIELD ID.NET AUTHENTICATION API FILES... 4 3 CONFIGURING A FAIL-OVER AUTHENTICATION SERVER... 5 4 SAFENET AUTHENTICATION SERVICE PORTAL CONFIGURATIONS... 6
1 Intrductin This dcument will describe the prcess fr initially cnfiguring Passwrdstate t use tw-factr authenticatin with SafeNet s Authenticatin Service (SAS), either Clud-Based, r On-Premise. System Requirements Yu Passwrdstate web server als requires fr fllwing cmpnents t be installed:.net Framewrk 2 (.NET 3.5 als includes the install f versin 2) Micrsft Visual C++ 2008 Redistributable Package
2 Installing BlackShield ID.NET Authenticatin API Files In rder fr Passwrdstate t cmmunicate with SafeNet s authenticatin services, we must first install the apprpriate Blackshield ID.NET Authenticatin API files, perfrm varius cnfiguratins, and then cpy a few files int the Passwrdstate flder. Dwnlad the apprpriate BlackShield API installer file, depending n yur server prcessr architecture: http://www.clickstudis.cm.au/dwnlads/blackshieldapi.zip (32-bit) http://www.clickstudis.cm.au/dwnlads/blackshieldapix64.zip (64-bit) Unzip the file and cpy acrss the executable t yur Passwrdstate web server Run the BlackShield executable as an Administratr, and when yu get t the screen belw, enter the Hstname r IP Address f the apprpriate BlackShield ID Authenticatin Server fr yur envirnment this can be an internal server, r SafeNet s external clud based authenticatin server Once installed, cpy the files belw acrss int the c:\inetpub\passwrdstate\bin flder (these paths may be different fr yu). If yu wish t use this authenticatin ptin with the Passwrdstate Mbile client, yu will als need t cpy these files int the c:\inetpub\passwrdstate\mbile\bin flder. C:\Prgram Files\CRYPTOCard\BlackShield ID\API\BSIDAPI.dll C:\Prgram Files\CRYPTOCard\BlackShield ID\API\BSIDAPI.XmlSerializers.dll C:\Prgram Files\CRYPTOCard\BlackShield ID\API\CryptCOM.dll NOTE: Cpying files int the Passwrdstate bin flder causes any user sessins in Passwrdstate t end please nly d this when yu knw users aren t currently using Passwrdstate.
3 Cnfiguring a Fail-Over Authenticatin Server We need t add anther registry key n yur Passwrdstate web server, s that in the event yur BlackShield Primary Authenticatin Server is unavailable, we can authenticate against a secndary fail-ver server. T d this, pen Regedt32 as admin, and add the fllwing registry key: Lcatin = HKEY_LOCAL_MACHINE\SOFTWARE\CRYPTOCard\BlackShield ID\BSDIDAPI String = ServiceURL2 Value = https://agent2.safenet-inc.cm/tkenvalidatr/tkenvalidatr.asmx The value will als be different if using internally hsted BlackShield servers. Belw is a screensht f what this wuld lk like.
4 SafeNet Authenticatin Service Prtal Cnfiguratins There are tw mre steps required t finalize the cnfiguratin. T d these, yu must lg int the SafeNet Authenticatin Service Prtal, either Clud-Based r On-Premise, and fllw the instructins belw. Dwnlad Encryptin Key Navigate t the Cmms tab, click n Authenticatin Prcessing -> Authenticate Agent Settings Click the Dwnlad buttn, as per the screensht belw, and save the file int the C:\Prgram Files\CRYPTOCard\BlackShield ID\API\KeyFile flder n yur web server verwrite the existing file here Create Authenticatin Nde This step may nt be required if yu are already using SafeNet Authenticatin Services with ther applicatins in yur envirnment check with the System Administratr wh is respnsible. Navigate t the Cmms tab, click n Auth Ndes, and then click n the Add buttn Yu will then see a screen similar t the ne belw which allws yu t create an Authenticate Nde apprpriate fr yur envirnment. Ask yur System Administratr what the apprpriate settings are here, and if using SafeNet s clud based authenticatin services, yu will need t ensure yu specify the IP Address frm where the BlackShield API Calls are being made frm s generally the Public IP Address r yur firewall. If yu cntinue t get Failed Authenticatin attempts in Passwrdstate, then the Authenticatin Nde settings culd be incrrect.