立即与支持人员聊天
与支持团队交流

Defender 6.4 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Defender Security Server messages

Messages containing %s will have this replaced with challenge data; this can be obtained via the challengeMessageData property. \r\n denotes a carriage return followed by a line feed.

 

Table 53:

Defender Security Server messages

Message ID

Default text

00

Enter Synchronous Response:\r\n

01

Invalid Synchronous Response.\r\nEnter Synchronous Response:\r\n

02

Access Denied.\r\n

03

Your PIN has expired and must be changed.\r\nEnter Current PIN and required PIN and confirm PIN:\r\n

04

Enter Defender Password:\r\n

05

Invalid Password.\r\nEnter Defender Password:\r\n

06

PIN change failed, try again.\r\nEnter Current PIN and required PIN and confirm PIN:\r\n

07

Your token is not synchronised to the current system clock.\r\nEnter the next response.\r\n

08

Invalid Response.\r\nYour token is not synchronised to the current system clock.\r\nEnter the next response.\r\n

10

SNK Challenge: %s \r\nEnter Response:\r\n

11

Invalid Response\r\nSNK Challenge: %s \r\nEnter Response:\r\n

12

Confirm Response\r\nSNK Challenge: %s \r\nEnter Response:\r\n

15

Access Approved.\r\n

16

Call has been intercepted by Defender 5. Unauthorized use of this system is PROHIBITED!\r\n\r\nEnter ID:

17

Your account is locked due to excess violations.\r\n

18

Your token appears to be upside down.\r\nRotate it and enter the next response.\r\n

19

Invalid Response.\r\nYour token appears to be upside down.\r\nRotate it and enter the next response.\r\n

20

Enter Windows Password:\r\n

21

Invalid Windows Password.\r\nEnter Windows Password:\r\n

22

Invalid Response.\r\nEnter Synchronous Response with Defender Password:\r\n

23

Enter Synchronous Response with Windows Password:\r\n

24

Invalid Response.\r\nEnter Synchronous Response with Windows Password:\r\n

25

SNK Challenge: %s \r\nEnter Response with Defender Password:\r\n

26

Invalid Response.\r\nSNK Challenge: %s \r\nEnter Response with Defender Password:\r\n

27

SNK Challenge: %s \r\nEnter Response with Windows Password:\r\n

28

Invalid Response.\r\nSNK Challenge: %s \r\nEnter Response with Windows Password:\r\n

39

Your Defender password has expired and must be changed\r\nEnter a new Defender password:\r\n

40

Your Windows password has expired and must be changed\r\nEnter a new Windows password:\r\n

41

Confirm your new Defender password:\r\n

42

Confirm your new Windows password:\r\n

43

Password change failed\r\nEnter a new Defender password:\r\n

44

Password change failed\r\nEnter a new Windows password:\r\n

45

Enter Synchronous Response with Defender Password:\r\n

46

Your token has expired and cannot be activated\r\nPlease contact your administrator.\r\n

47

Access Denied - No valid route found.\r\nPlease contact your administrator.\r\n

48

Access Denied - User account is disabled.\r\nPlease contact your administrator.\r\n

51

Access Denied - No user name.\r\nPlease contact your administrator.\r\n

52

Access Denied - Authentication not permitted at this time\r\n

53

Your token is not synchronised with Defender.\r\nEnter the next response.\r\n

54

Invalid Response.\r\nYour token is not synchronised with Defender.\r\nEnter the next response.\r\n

55

Your Defender password has expired and access has been forbidden.\r\n Please contact your system administrator.\r\n

56

Your Windows password has expired and access has been forbidden.\r\n Please contact your system administrator.\r\n

57

Configure your GrIDsure PIP:\r\n%s

58

Use your GrIDsure PIP:\r\n%s

59

Invalid Response.\r\nUse your GrIDsure PIP:\r\n%s

60

Invalid PIP.\r\nConfigure your GrIDsure PIP:\r\n%s

61

Your PIP has expired and must be changed.\r\nConfigure your GrIDsure PIP:\r\n%s

62

PIP change requested.\r\nConfigure your GrIDsure PIP:\r\n%s

63

PIP does not meet complexity rules.\r\nConfigure your GrIDsure PIP:\r\n%s

64

Access Denied - Ambiguous user name.\r\nPlease contact your administrator.\r\n

65

Your Windows account has expired and access has been forbidden.\r\nPlease contact your system administrator.\r\n

Appendix G: Defender Web Service API

The Defender Web Service API provides a public web interface to the administrative functionality of Defender.

The interface is exposed through the WebServiceAPI Web service. The installation program configures a windows service that will host the WebServiceAPI web service.

API methods

 

Table 54:

API methods

Method

Description

AddSoftwareTokenToUser method

Assigns a Defender Software token to a user.

AddTokenToUser method

Assigns a Defender token to a user.

GetTokensForUser method

Gets a list of Defender tokens assigned to a user.

RemoveAllTokensFromUser method

Unassigns all Defender tokens from a user.

RemoveDefenderPassword method

Deletes the Defender password for a user or all users in a group.

RemovePinFromUserToken method

Removes a user's PIN from an assigned token.

RemoveTemporaryResponse method

Removes a temporary response from a user's assigned token.

RemoveTokenFromUser method

Unassigns a Defender token from a user.

ResetDefenderToken method

Resets a Defender token to aid authentication when the token is out of synchronization with the server.

ResetDefenderViolationCount method

Reset a user's Defender violation count. Also allows the violation and reset counts to be viewed without resetting them.

SetDefenderPassword method

Sets the Defender password for a user or all users in a group.

SetPinOnUserToken method

Sets a user's PIN for an assigned token.

SetTemporaryResponse method

Sets a temporary response on a user's assigned token.

TestDefenderToken method

Tests a Defender token's response.

AddSoftwareTokenToUser method

If this operation resulted in the token being assigned, then the AssignedToken.TokenCommonName will match the tokenCommonName parameter. If the token was already assigned to this user, then the AssignedToken.TokenCommonName will contain a text message indicating that it was already assigned.

The type of the token added may be one of the following values:

  • Windows
  • IToken
  • Mobile
  • Android
  • EmailOTP
  • Java
  • GrIDsure
  • Authy
  • GoogleAuth
  • MicrosoftAuth

  • OneLoginAuth

These types produce tokens for use on the following platforms:

  • Windows  Windows operating system.
  • IToken  iPhone, iPad, or iPod devices running the iOS operating system.
  • Mobile  SMS token, where a text message containing one-time passwords is sent to the user's mobile phone.
  • Android  Devices running the Android operating system.
  • EmailOTP  E-mail token, where an e-mail message containing one-time passwords is sent to the user.
  • Java  Windows, Mac OS, or Linux operating system that supports Java applications.
  • GrIDsure GrIDsure token allowing users to authenticate themselves with a GrIDsure Personal Identification Pattern.
  • Authy Authy token allowing users to authenticate themselves with one-time passwords generated by the Authy app.
  • GoogleAuth Google Authenticator token allowing users to authenticate themselves with one-time passwords generated by Google Authenticator.
  • MicrosoftAuth Microsoft Authenticator token allowing users to authenticate themselves with one-time passwords generated by Microsoft Authenticator.

  • OneLoginAuth OneLogin Authenticator token allowing users to authenticate themselves with one-time passwords generated by OneLogin Authenticator.

C# syntax
[OperationContract]
[FaultContract(typeof(FaultException))]
AssignedSoftwareToken AddSoftwareTokenToUser(string userCommonName, ProgrammableSoftwareTokenType tokenType, string tokenPin, SoftwareTokenConfiguration configuration, string userSearchBase);

Parameters

  • userCommonName  Common name of the user to whom the token will be assigned.
  • tokenType  The type of the token added.
  • tokenPin  Optional parameter to specify PIN to assign to the user's token. PINs cannot be used when programming a Windows token.
  • configuration Optional parameter to configure the following activation and passphrase settings:
    • Activation Code Timeout Days To configure the number of days for which the token activation code is valid. The default value is 7.
    • Enabling Passphrase Locking To configure whether to lock the token passphrase after a specified number of unsuccessful attempts.
    • Passphrase Attempts The configure the number of unsuccessful attempts after which the token passphrase is locked.
    • Require Passphrase To configure whether the token requires a passphrase or not.
    • Require Strong Passphrase To configure whether a strong passphrase is required or not.
    • Show Passphrase Alerts To configure whether to display alerts about failed passphrase attempts or not.
  • userSearchBase  Optional parameter to specify base container from which to search for users.

Return value

If no error occurs, an AssignedToken is returned. In the case of an error, a Fault is generated. The faultCode can be one of the following:

  • ArgumentOutOfRange  One of the arguments was invalid, further details will be contained in the faultstring.
  • UnknownFault  Any other error, further details may be included in the faultstring.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级