Cisco Physical Access Manager User Guide, Release 1.4.1

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Available Languages

Download Options

Book Title

Cisco Physical Access Manager User Guide, Release 1.4.1

Chapter Title

Multifactor Authentication

PDF - Complete Book (61.73 MB) PDF - This Chapter (715.0 KB)
View with Adobe Reader on a variety of devices

Results

Chapter: Multifactor Authentication

Contents
Configuring Generic Readers
Associating Generic Reader with Doors
- Additional Information

Multifactor Authentication

From1.4.1 Release,the user can integrate additional access control devices like biometric devices to the Cisco PAM to ensure security. These devices are configured as Generic Readers in the Cisco PAM server. The Generic readers are associated with doors and finally configured to a specific gateway. Once configured, the gateway maps the data from the Generic Reader and matches it with the server, If matched , the events are triggered accordingly.

The Generic Readers are restricted by location hierarchy when the hierarchical location is set in the Data Entry/Validation - Login

•Configuring Generic Readers

•Associating Generic Reader with Doors

Configuring Generic Readers


	To do this
Step 1	From the Doors menu, click Generic Readers.
Step 2	The Generic Reader window opens. Click Add. Enter the following fields: •Name (alpha-numeric characters) •ID (numeric) Select values in the following drop down lists: •Generic reader type •Generic reader category •Hierarchical location Select the ADA enabled radio button. Tip Ensure that Name and ID are similar.
Step 3	Click Save and Close. The Reader information is listed in the Generic Reader window. Note Only users with Admin rights are permitted to configure generic readers.

Associating Generic Reader with Doors


	To do this
Step 1	From the Doors menu, select Hardware. The gateway drivers, gateways and doors are displayed.
Step 2	Select the door and right click to view the drop down menu.Click Associate Generic Reader. An Associate Generic reader window opens.
Step 3	Select the Generic Reader from the list and click OK.The Generic Reader is configured to the door. Note You can associate a maximum of six Generic Readers to a door.
Step 4	Click Dissociate Generic Reader to remove a reader from the door configuration. Note The drop down menu displays the list of generic readers assigned to the door.
Step 5	Right click the door and select Edit. The Edit Door window opens. Select Properties to view the Generic Readers added to the door and the Multifactor Authentication timer (sec). You can edit the timer and set the time. Note The default value of Multifactor Authentication timer (sec) is 10 seconds.

Note•The generic readers configured by the cpamadmin is not restricted to any hierarchical location.

•When a location-restricted user creates a generic reader, the hierarchical location field is auto-populated.

•The location-restricted users can access only devices (generic readers) of their location and the events for these devices alone is populated for them.

Note These points are applicable only when the Profile enhancement feature is set in the System Configuration of the Cisco PAM. Otherwise the Cisco PAM appliance retains its behavior as in the previous version (1.3).

Additional Information

Multifactor authentication depends on the external system to authenticate biometric or facial data that the Cisco PAM receives from the generic reader. The Cisco PAM does not claim support to authenticate the received data. The gateway authenticates the data based on the badge swipe by the user and HTTPS MFA requests it receives from external devices configured as generic readers in Cisco PAM.

The External system must send the following HTTPS request for establishing a session with GW

For example:

POST /fcgi/user.login?login HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, 
application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, 
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 
2.0.50727)

Host: 10.78.179.95

Content-Length: 48

Content-Type: application/x-www-form-urlencoded

Accept-Language: en-au

Cache-Control: no-cache

username=gwadmin&password=Cisco123&TRACKID=12345

The External system after authenticating the biometric data must send the following HTTPS request to GW

For example:

POST /fcgi/webmgr.ac?post_generic_rdr_event HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, 
application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, 
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 
2.0.50727)

Host: 10.78.179.95

Content-Length: 59

Content-Type: application/x-www-form-urlencoded

Accept-Language: en-au

Cache-Control: no-cache

hibadge=0&lobadge=34959&Generic_Reader_id=GR1&TRACKID=12345

where,

TRACKID — user defined cookie

hibadgeq—higher 32 bits of a badge (badge supports max of 64 bits)

lobadge—lower 32 bits of a badge

Generic_Reader_id—ID of the generic reader as configured under the Generic Reader Module.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)