Chat now with support
Chat with Support

Defender 6.6 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

userIdType property

Returns a value representing the type of user name expected for authentications through the passed Defender Access Node. The accessNode parameter should be the common name.

C++ syntax
public : HRESULT get_userIdType( BSTR accessNode, LONG* pVal);

C# syntax
public virtual int get_userIdType(string accessNode)

Return value

  • 0  Defender ID.
  • 1  User Principal Name.
  • 2  SAM Account Name.
  • 3  Proper Name.
  • -1  Failed to retrieve user ID type.

isUserDefenderAuthenticated property

Returns a non-zero value if the user is Defender authenticated. Otherwise, returns zero.

The user will be Defender authenticated if all of the following is true:

  • The Access Node specified is assigned to the Defender Security Server.
  • The user is a member of the Access Node, either directly or indirectly.
  • The user has a token or Defender Password as required by the effective policy.

C++ syntax
public : HRESULT isUserDefenderAuthenticated( BSTR domain, BSTR samAccountName, BSTR accessNode, BSTR dssIpAddress, VARIANT_BOOL* pVal);;

C# syntax
public virtual int get_isUserDefenderAuthenticated(string domain, string samAccountName, string accessNode, string dssIpAddress)

Parameters

  • domain  The NetBIOS name of the domain to which the user belongs.
  • samAccountName  The SAM account name of the user.
  • accessNode  The common name (cn) of the Defender Access Node through which the user will authenticate.
  • dssIpAddress  The IP address of the Defender Security Server through which the user will authenticate.

Defender Security Server messages

Messages containing %s will have this replaced with challenge data; this can be obtained via the challengeMessageData property. \r\n denotes a carriage return followed by a line feed.

 

Table 53:

Defender Security Server messages

Message ID

Default text

00

Enter Synchronous Response:\r\n

01

Invalid Synchronous Response.\r\nEnter Synchronous Response:\r\n

02

Access Denied.\r\n

03

Your PIN has expired and must be changed.\r\nEnter Current PIN and required PIN and confirm PIN:\r\n

04

Enter Defender Password:\r\n

05

Invalid Password.\r\nEnter Defender Password:\r\n

06

PIN change failed, try again.\r\nEnter Current PIN and required PIN and confirm PIN:\r\n

07

Your token is not synchronised to the current system clock.\r\nEnter the next response.\r\n

08

Invalid Response.\r\nYour token is not synchronised to the current system clock.\r\nEnter the next response.\r\n

10

SNK Challenge: %s \r\nEnter Response:\r\n

11

Invalid Response\r\nSNK Challenge: %s \r\nEnter Response:\r\n

12

Confirm Response\r\nSNK Challenge: %s \r\nEnter Response:\r\n

15

Access Approved.\r\n

16

Call has been intercepted by Defender 5. Unauthorized use of this system is PROHIBITED!\r\n\r\nEnter ID:

17

Your account is locked due to excess violations.\r\n

18

Your token appears to be upside down.\r\nRotate it and enter the next response.\r\n

19

Invalid Response.\r\nYour token appears to be upside down.\r\nRotate it and enter the next response.\r\n

20

Enter Windows Password:\r\n

21

Invalid Windows Password.\r\nEnter Windows Password:\r\n

22

Invalid Response.\r\nEnter Synchronous Response with Defender Password:\r\n

23

Enter Synchronous Response with Windows Password:\r\n

24

Invalid Response.\r\nEnter Synchronous Response with Windows Password:\r\n

25

SNK Challenge: %s \r\nEnter Response with Defender Password:\r\n

26

Invalid Response.\r\nSNK Challenge: %s \r\nEnter Response with Defender Password:\r\n

27

SNK Challenge: %s \r\nEnter Response with Windows Password:\r\n

28

Invalid Response.\r\nSNK Challenge: %s \r\nEnter Response with Windows Password:\r\n

39

Your Defender password has expired and must be changed\r\nEnter a new Defender password:\r\n

40

Your Windows password has expired and must be changed\r\nEnter a new Windows password:\r\n

41

Confirm your new Defender password:\r\n

42

Confirm your new Windows password:\r\n

43

Password change failed\r\nEnter a new Defender password:\r\n

44

Password change failed\r\nEnter a new Windows password:\r\n

45

Enter Synchronous Response with Defender Password:\r\n

46

Your token has expired and cannot be activated\r\nPlease contact your administrator.\r\n

47

Access Denied - No valid route found.\r\nPlease contact your administrator.\r\n

48

Access Denied - User account is disabled.\r\nPlease contact your administrator.\r\n

51

Access Denied - No user name.\r\nPlease contact your administrator.\r\n

52

Access Denied - Authentication not permitted at this time\r\n

53

Your token is not synchronised with Defender.\r\nEnter the next response.\r\n

54

Invalid Response.\r\nYour token is not synchronised with Defender.\r\nEnter the next response.\r\n

55

Your Defender password has expired and access has been forbidden.\r\n Please contact your system administrator.\r\n

56

Your Windows password has expired and access has been forbidden.\r\n Please contact your system administrator.\r\n

57

Configure your GrIDsure PIP:\r\n%s

58

Use your GrIDsure PIP:\r\n%s

59

Invalid Response.\r\nUse your GrIDsure PIP:\r\n%s

60

Invalid PIP.\r\nConfigure your GrIDsure PIP:\r\n%s

61

Your PIP has expired and must be changed.\r\nConfigure your GrIDsure PIP:\r\n%s

62

PIP change requested.\r\nConfigure your GrIDsure PIP:\r\n%s

63

PIP does not meet complexity rules.\r\nConfigure your GrIDsure PIP:\r\n%s

64

Access Denied - Ambiguous user name.\r\nPlease contact your administrator.\r\n

65

Your Windows account has expired and access has been forbidden.\r\nPlease contact your system administrator.\r\n

Appendix G: Defender Web Service API

The Defender Web Service API provides a public web interface to the administrative functionality of Defender.

The interface is exposed through the WebServiceAPI Web service. The installation program configures a windows service that will host the WebServiceAPI web service.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating