000015963 - Offline Authentication

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015963
Applies ToRSA Authentication Manager 7.1
Dayfiles can be downloaded as part of the Authentication process, or they can be downloaded in response to events outside of authentication.  
When they are downloaded as part of the authentication process, it is the Auth Manager who determines if dayfiles are needed or not.  This determination is made, based upon the download policy?s fields of number of dayfiles requested and the number of remaining usable dayfiles, set as a guage, for giving the user warning that he/she is low on dayfiles.  When the number of usable dayfiles drops to, or below, the number set for giving warning that the number of remaining usable dayfiles is low, the Auth Manager will give status during authentication, that dayfiles should be requested.  If the status states that a request should be made, the request is made at the time that AceClose is called to terminate the authentication process.  When dayfiles are downloaded in this manner, an authentication ticket is presented as part of the download request for prooving that the request is legitimate.  The number of dayfiles, downloaded will be the remainder of the total per user minus the number of dayfiles set for giving warning of new dayfiles to be downloaded.
In this respect the dayfile downloads are incremental.
When dayfiles are downloaded in response to events outside of authentication,  the number of files downloaded can vary, depending upon the event that triggers the download.  The notification icon will display a warning when dayfiles are needed, so if the Security Center is brought by the user, in response to seeing the warning, an auto download will be invoked to download the number of dayfiles needed to bring the number of usable dayfiles back to the total specified in the download policy.  The notification icon displays the warning when the number of usable dayfiles drops to or below the number set in the policy as the low-mark for remaining usable dayfiles.  Only the number of dayfiles, needed to bring the number of usable dayfiles back to the total, will be downloaded.   Other events can trigger a complete set of new dayfiles to be downloaded.  One such event is the changing of a user?s windows password.  Policy changes will, also, trigger auto-downloads.  If a policy change, for example, is for increasing the total number of dayfiles to download, the number of extra downfiles, determined by the policy change, will be downloaded.
Whatever Agent functions are performed as part of a login authentication, the same functions are performed as part of a screen unlock.  This promotes modularization for performing similar, sometimes complex functions. 
 
IssueHow offline data download works?
Offline authentication data download is intermittent
What are the instances where the offline data is been requested by a LAC?
Offline Data Download Failure
 
Legacy Article IDa58152

Attachments

    Outcomes