Multifactor authentication depends on the external system to authenticate the biometric or facial data that ICPAM receives from the generic reader. ICPAM does not claim support for authenticating the received data. The controller authenticates the data based on the user's badge swipe and the HTTPS MFA requests it receives from external devices configured as generic readers in ICPAM.
To establish a session with GW, the external system must send the following HTTPS request.
For example:
POST /fcgi/user.login?login HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 10.78.179.95
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-au
Cache-Control: no-cache

username=gwadmin&password=Cisco123&TRACKID=12345
After authenticating the biometric data, the external system must send the following HTTPS request to GW.
For example:
POST /fcgi/webmgr.ac?post_generic_rdr_event HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 10.78.179.95
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-au
Cache-Control: no-cache

hibadge=0&lobadge=34959&Generic_Reader_id=GR1&TRACKID=12345
where:
TRACKID—user-defined cookie
hibadge—higher 32 bits of a badge (supports a maximum of 64 bits)
lobadge—lower 32 bits of a badge
Generic_Reader_id—ID of the generic reader as configured under the Generic Reader Module.
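The field layout described above, as an added example that is not part of the Cisco documentation: it splits a badge number of up to 64 bits into hibadge and lobadge, builds the form body in the order of the sample request, and strictly parses such a body back, as an integration test or request logger might. The function names are hypothetical and nothing is sent over the network.

```python
from urllib.parse import urlencode, parse_qs

MAX_BADGE = (1 << 64) - 1  # the page states a badge is at most 64 bits


def split_badge(badge: int) -> tuple[int, int]:
    """Split a badge number into (hibadge, lobadge) 32-bit halves."""
    if not 0 <= badge <= MAX_BADGE:
        raise ValueError("badge must fit in 64 bits")
    return badge >> 32, badge & 0xFFFFFFFF


def build_event_body(badge: int, reader_id: str, track_id: str) -> bytes:
    """Form-encode the fields in the order used by the page's sample request."""
    hi, lo = split_badge(badge)
    fields = [("hibadge", hi), ("lobadge", lo),
              ("Generic_Reader_id", reader_id), ("TRACKID", track_id)]
    return urlencode(fields).encode("ascii")


def parse_event_body(body: bytes) -> dict:
    """Strict parse: every field exactly once, each badge half within 32 bits."""
    parsed = parse_qs(body.decode("ascii"), strict_parsing=True)
    expected = {"hibadge", "lobadge", "Generic_Reader_id", "TRACKID"}
    if set(parsed) != expected or any(len(v) != 1 for v in parsed.values()):
        raise ValueError("unexpected, missing or duplicated field")
    hi, lo = int(parsed["hibadge"][0]), int(parsed["lobadge"][0])
    if not (0 <= hi <= 0xFFFFFFFF and 0 <= lo <= 0xFFFFFFFF):
        raise ValueError("badge half out of 32-bit range")
    return {"badge": (hi << 32) | lo,
            "reader_id": parsed["Generic_Reader_id"][0],
            "track_id": parsed["TRACKID"][0]}


if __name__ == "__main__":
    # Values taken from the sample request on this page.
    body = build_event_body(34959, "GR1", "12345")
    print(body.decode(), "Content-Length:", len(body))
    print(parse_event_body(body))
```

The length of the returned bytes is the value to place in the Content-Length header.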