지금 지원 담당자와 채팅
지원 담당자와 채팅

Defender 6.5 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

isUserDefenderAuthenticated property

Returns a non-zero value if the user is Defender authenticated. Otherwise, returns zero.

The user will be Defender authenticated if all of the following is true:

  • The Access Node specified is assigned to the Defender Security Server.
  • The user is a member of the Access Node, either directly or indirectly.
  • The user has a token or Defender Password as required by the effective policy.

C++ syntax
public : HRESULT isUserDefenderAuthenticated( BSTR domain, BSTR samAccountName, BSTR accessNode, BSTR dssIpAddress, VARIANT_BOOL* pVal);;

C# syntax
public virtual int get_isUserDefenderAuthenticated(string domain, string samAccountName, string accessNode, string dssIpAddress)

Parameters

  • domain  The NetBIOS name of the domain to which the user belongs.
  • samAccountName  The SAM account name of the user.
  • accessNode  The common name (cn) of the Defender Access Node through which the user will authenticate.
  • dssIpAddress  The IP address of the Defender Security Server through which the user will authenticate.

Defender Security Server messages

Messages containing %s will have this replaced with challenge data; this can be obtained via the challengeMessageData property. \r\n denotes a carriage return followed by a line feed.

 

Table 53:

Defender Security Server messages

Message ID

Default text

00

Enter Synchronous Response:\r\n

01

Invalid Synchronous Response.\r\nEnter Synchronous Response:\r\n

02

Access Denied.\r\n

03

Your PIN has expired and must be changed.\r\nEnter Current PIN and required PIN and confirm PIN:\r\n

04

Enter Defender Password:\r\n

05

Invalid Password.\r\nEnter Defender Password:\r\n

06

PIN change failed, try again.\r\nEnter Current PIN and required PIN and confirm PIN:\r\n

07

Your token is not synchronised to the current system clock.\r\nEnter the next response.\r\n

08

Invalid Response.\r\nYour token is not synchronised to the current system clock.\r\nEnter the next response.\r\n

10

SNK Challenge: %s \r\nEnter Response:\r\n

11

Invalid Response\r\nSNK Challenge: %s \r\nEnter Response:\r\n

12

Confirm Response\r\nSNK Challenge: %s \r\nEnter Response:\r\n

15

Access Approved.\r\n

16

Call has been intercepted by Defender 5. Unauthorized use of this system is PROHIBITED!\r\n\r\nEnter ID:

17

Your account is locked due to excess violations.\r\n

18

Your token appears to be upside down.\r\nRotate it and enter the next response.\r\n

19

Invalid Response.\r\nYour token appears to be upside down.\r\nRotate it and enter the next response.\r\n

20

Enter Windows Password:\r\n

21

Invalid Windows Password.\r\nEnter Windows Password:\r\n

22

Invalid Response.\r\nEnter Synchronous Response with Defender Password:\r\n

23

Enter Synchronous Response with Windows Password:\r\n

24

Invalid Response.\r\nEnter Synchronous Response with Windows Password:\r\n

25

SNK Challenge: %s \r\nEnter Response with Defender Password:\r\n

26

Invalid Response.\r\nSNK Challenge: %s \r\nEnter Response with Defender Password:\r\n

27

SNK Challenge: %s \r\nEnter Response with Windows Password:\r\n

28

Invalid Response.\r\nSNK Challenge: %s \r\nEnter Response with Windows Password:\r\n

39

Your Defender password has expired and must be changed\r\nEnter a new Defender password:\r\n

40

Your Windows password has expired and must be changed\r\nEnter a new Windows password:\r\n

41

Confirm your new Defender password:\r\n

42

Confirm your new Windows password:\r\n

43

Password change failed\r\nEnter a new Defender password:\r\n

44

Password change failed\r\nEnter a new Windows password:\r\n

45

Enter Synchronous Response with Defender Password:\r\n

46

Your token has expired and cannot be activated\r\nPlease contact your administrator.\r\n

47

Access Denied - No valid route found.\r\nPlease contact your administrator.\r\n

48

Access Denied - User account is disabled.\r\nPlease contact your administrator.\r\n

51

Access Denied - No user name.\r\nPlease contact your administrator.\r\n

52

Access Denied - Authentication not permitted at this time\r\n

53

Your token is not synchronised with Defender.\r\nEnter the next response.\r\n

54

Invalid Response.\r\nYour token is not synchronised with Defender.\r\nEnter the next response.\r\n

55

Your Defender password has expired and access has been forbidden.\r\n Please contact your system administrator.\r\n

56

Your Windows password has expired and access has been forbidden.\r\n Please contact your system administrator.\r\n

57

Configure your GrIDsure PIP:\r\n%s

58

Use your GrIDsure PIP:\r\n%s

59

Invalid Response.\r\nUse your GrIDsure PIP:\r\n%s

60

Invalid PIP.\r\nConfigure your GrIDsure PIP:\r\n%s

61

Your PIP has expired and must be changed.\r\nConfigure your GrIDsure PIP:\r\n%s

62

PIP change requested.\r\nConfigure your GrIDsure PIP:\r\n%s

63

PIP does not meet complexity rules.\r\nConfigure your GrIDsure PIP:\r\n%s

64

Access Denied - Ambiguous user name.\r\nPlease contact your administrator.\r\n

65

Your Windows account has expired and access has been forbidden.\r\nPlease contact your system administrator.\r\n

Appendix G: Defender Web Service API

The Defender Web Service API provides a public web interface to the administrative functionality of Defender.

The interface is exposed through the WebServiceAPI Web service. The installation program configures a windows service that will host the WebServiceAPI web service.

API methods

 

Table 54:

API methods

Method

Description

AddSoftwareTokenToUser method

Assigns a Defender Software token to a user.

AddTokenToUser method

Assigns a Defender token to a user.

GetTokensForUser method

Gets a list of Defender tokens assigned to a user.

RemoveAllTokensFromUser method

Unassigns all Defender tokens from a user.

RemoveDefenderPassword method

Deletes the Defender password for a user or all users in a group.

RemovePinFromUserToken method

Removes a user's PIN from an assigned token.

RemoveTemporaryResponse method

Removes a temporary response from a user's assigned token.

RemoveTokenFromUser method

Unassigns a Defender token from a user.

ResetDefenderToken method

Resets a Defender token to aid authentication when the token is out of synchronization with the server.

ResetDefenderViolationCount method

Reset a user's Defender violation count. Also allows the violation and reset counts to be viewed without resetting them.

SetDefenderPassword method

Sets the Defender password for a user or all users in a group.

SetPinOnUserToken method

Sets a user's PIN for an assigned token.

SetTemporaryResponse method

Sets a temporary response on a user's assigned token.

TestDefenderToken method

Tests a Defender token's response.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택