CA Strong Authentication Administration Guide › How to Configure CA AuthMinder for RADIUS › Create or Update a Credential Type Resolution Configuration

Create or Update a Credential Type Resolution Configuration

Perform the procedure described in this section only if you set the In-Band Password option as the authentication type while adding a RADIUS client.

You can configure credential type resolution for mapping an in-band password to any one of the following authentication types:

• Password
• ArcotOTP-OATH
• OATH OTP Token
• OTP/Activation Code
• ArcotOTP-EMV
• RADIUS OTP
• LDAP Password
• Native Token

The following predefined credential type resolutions are available in CA AuthMinder:

• VerifyArcotOTP-EMV
• VerifyArcotOTP-OATH
• VerifyLDAPPassword
• VerifyNativeToken
• VerifyOATH
• VerifyOTP
• VerifyOTT
• VerifyPassword

If any of these predefined credential type resolution configurations meet your requirements for processing in-band passwords, then you need not perform the procedure described in this section. Perform the procedure only if none of these predefined configurations meet your requirements.

You assign credential type resolution as the default for the organization. You can also configure credential type resolution per user by configuring a custom user attribute that specifies the mechanism to be used for each user. This custom user attribute is part of the credential type resolution configuration.

Follow these steps:

1. Perform the following steps if you want to add RADIUS clients at the global level:
   1. Click the Services and Server Configurations tab on the main menu.
   2. Ensure that the CA Strong Authentication tab is selected.
2. Perform the following steps if you want to add RADIUS clients at the organization level:
   1. Click the Organizations tab.
   2. Search for the organization.
   3. Select the organization from the search results.
   4. Click the CA Strong Authentication tab.
3. Click Credential Type Resolution in the left pane.

   The Credential Type Resolution Configuration screen opens.

4. Click Create.
5. Enter a name for the configuration.
6. When you want to copy an existing configuration:
   1. Select the Copy Configuration check box.
   2. From the Available Configurations drop-down list, select the configuration that you want to copy.
7. From the Resolve plain to drop-down list, select the credential type to which you want to map the incoming password type credential.
8. (Optional) If you have created a custom user attribute for specifying the credential type, then specify the name of that custom attribute in the User Custom Attribute For Credential Type field.

   When a RADIUS authentication request is received, the credential type specified in this custom user attribute overrides the credential type that you configure in the preceding step. If the credential type is not specified in the custom user attribute, then the credential type that you configure in the preceding step is used as the default credential type.

   While a user is being created, ensure that the value for the custom user attribute is set to one of the following integer values:

   • Password: 1
   • ArcotOTP-OATH: 8
   • OATH OTP Token: 7
   • OTP/Activation Code: 4
   • ArcotOTP-EMV: 8
   • RADIUS OTP: 5
   • LDAP Password: 10
   • Native Token: 11

   For example, if you want the custom user attribute to specify OATH OTP Token as the credential type, then ensure that 7 is set as the value of the custom user attribute.

9. Click Save.

   The credential type resolution configuration is saved.