The WiKID Blog

Viewing posts by root

How do I set up Mutual HTTPS Authentication?

Mutual HTTPS Authentication can add a lot of security to your two-factor authentication setup by thwarting most network-based MiTM attacks. Here are some things to consider:

How can I update the WiKID server when it is not on the Internet?

Simply download the latest WiKID ISO and burn it to a disc.  Mount it on your machine and run:

How can I restart the server without being asked for the passphrase?

The server can be started without prompting for the passphrase by creating a file called /etc/WiKID/security and entering "WAUTH_PASSPHRASE=passphrase" on the first line. This allows a restart without manual intervention. If your passphrase has spaces, put it in single quotes: "WAUTH_PASSPHRASE='pass phrase'". The file holds the passphrase in clear text, so it should be readable only by root.

Will the WiKID token run on a USB Token?

Yes. It can run on any USB drive. Because we use asymmetric keys and the key pairs are generated on the USB drive itself, distributing tokens is much easier: any user can take any fresh USB drive and use it.

What is the base architecture of WiKID Authentication?

WiKID Strong Authentication consists of two main elements: the WiKID Strong Authentication Server and the WiKID Two-factor Client for user devices. The WiKID Strong Authentication Server interfaces with various Network Clients, such as firewalls, VPN services, Citrix, directories or applications, via Protocol Modules such as RADIUS, LDAP, SMB or the WiKID Authentication Protocol, an SSL-encapsulated API for web-enabled application integration.

When a user wants to log in, say to a VPN service, they enter a PIN into the WiKID software token client. The PIN is encrypted with the public key of the WiKID server and sent to the server. If the encryption is valid, the PIN is correct and the account is active, the server returns the one-time passcode encrypted with the client's public key. The user then enters their username and one-time passcode into the VPN client. The VPN service forwards the credentials to the WiKID server via a protocol such as RADIUS for validation.
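The login exchange described above, sketched as an added example that is not WiKID's code or wire format. RSA-OAEP stands in for the asymmetric scheme the page does not name, and `AuthServer`, its methods, the 60-second passcode lifetime and the sample user are all assumptions.

```javascript
// Added illustration: RSA-OAEP and every name below are assumptions, not WiKID's protocol.
const crypto = require('crypto');

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const seal = (pub, text) => crypto.publicEncrypt({ key: pub, ...OAEP }, Buffer.from(text));
const open = (priv, blob) => crypto.privateDecrypt({ key: priv, ...OAEP }, blob).toString();

class AuthServer {
  constructor() {
    this.keys = newKeyPair();
    this.users = new Map();   // username -> { pin, active, clientPub }
    this.pending = new Map(); // username -> { otp, expires }
  }
  enroll(username, pin, clientPub) {
    this.users.set(username, { pin, active: true, clientPub });
  }
  // Step 1: the token client sends the PIN encrypted to the server's public key.
  requestPasscode(username, sealedPin) {
    const user = this.users.get(username);
    let pin;
    try { pin = open(this.keys.privateKey, sealedPin); } catch { return null; } // invalid encryption
    if (!user || !user.active) return null;
    const a = Buffer.from(pin), b = Buffer.from(user.pin);
    if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
    const otp = crypto.randomInt(0, 1000000).toString().padStart(6, '0');
    this.pending.set(username, { otp, expires: Date.now() + 60000 });
    return seal(user.clientPub, otp); // only the enrolled device's private key can read it
  }
  // Step 2: the network client (e.g. a VPN speaking RADIUS) forwards username + passcode.
  validate(username, otp) {
    const entry = this.pending.get(username);
    this.pending.delete(username); // one attempt per issued passcode, never reusable
    return !!entry && Date.now() < entry.expires && entry.otp === otp;
  }
}

function demo() {
  const server = new AuthServer();
  const device = newKeyPair(); // key pair generated on the user's device
  server.enroll('alice', '4821', device.publicKey); // constructed sample user
  const sealedOtp = server.requestPasscode('alice', seal(server.keys.publicKey, '4821'));
  const otp = open(device.privateKey, sealedOtp);
  return {
    wrongPin: server.requestPasscode('alice', seal(server.keys.publicKey, '0000')),
    firstUse: server.validate('alice', otp),
    replay: server.validate('alice', otp),
  };
}
```

Calling `demo()` shows the three outcomes a defender cares about: a wrong PIN yields no passcode, a fresh passcode validates once, and a replayed passcode is rejected.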
