Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Physical Access Manager User Guide, Release 1.4.1

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Physical Access Manager User Guide, Release 1.4.1

Chapter Title

Multifactor Authentication

Results

Chapter: Multifactor Authentication


Multifactor Authentication

From1.4.1 Release,the user can integrate additional access control devices like biometric devices to the Cisco PAM to ensure security. These devices are configured as Generic Readers in the Cisco PAM server. The Generic readers are associated with doors and finally configured to a specific gateway. Once configured, the gateway maps the data from the Generic Reader and matches it with the server, If matched , the events are triggered accordingly.

The Generic Readers are restricted by location hierarchy when the hierarchical location is set in the Data Entry/Validation - Login

Contents

Configuring Generic Readers

Associating Generic Reader with Doors

Configuring Generic Readers

 
To do this

Step 1 

From the Doors menu, click Generic Readers.

Step 2 

The Generic Reader window opens. Click Add.

Enter the following fields:

Name (alpha-numeric characters)

ID (numeric)

Select values in the following drop down lists:

Generic reader type

Generic reader category

Hierarchical location

Select the ADA enabled radio button.

Tip Ensure that Name and ID are similar.

Step 3 

Click Save and Close. The Reader information is listed in the Generic Reader window.

Note Only users with Admin rights are permitted to configure generic readers.

Associating Generic Reader with Doors

 
To do this

Step 1 

From the Doors menu, select Hardware. The gateway drivers, gateways and doors are displayed.

Step 2 

Select the door and right click to view the drop down menu.Click Associate Generic Reader. An Associate Generic reader window opens.

Step 3 

Select the Generic Reader from the list and click OK.The Generic Reader is configured to the door.

Note You can associate a maximum of six Generic Readers to a door.

Step 4 

Click Dissociate Generic Reader to remove a reader from the door configuration.

Note The drop down menu displays the list of generic readers assigned to the door.

Step 5 

Right click the door and select Edit. The Edit Door window opens. Select Properties to view the Generic Readers added to the door and the Multifactor Authentication timer (sec). You can edit the timer and set the time.

Note The default value of Multifactor Authentication timer (sec) is 10 seconds.

NoteThe generic readers configured by the cpamadmin is not restricted to any hierarchical location.

When a location-restricted user creates a generic reader, the hierarchical location field is auto-populated.

The location-restricted users can access only devices (generic readers) of their location and the events for these devices alone is populated for them.

Note These points are applicable only when the Profile enhancement feature is set in the System Configuration of the Cisco PAM. Otherwise the Cisco PAM appliance retains its behavior as in the previous version (1.3).

Additional Information

Multifactor authentication depends on the external system to authenticate biometric or facial data that the Cisco PAM receives from the generic reader. The Cisco PAM does not claim support to authenticate the received data. The gateway authenticates the data based on the badge swipe by the user and HTTPS MFA requests it receives from external devices configured as generic readers in Cisco PAM.

The External system must send the following HTTPS request for establishing a session with GW

For example: 

POST /fcgi/user.login?login HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, 
application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, 
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 
2.0.50727)

Host: 10.78.179.95

Content-Length: 48

Content-Type: application/x-www-form-urlencoded

Accept-Language: en-au

Cache-Control: no-cache

 
   
 
    
   
 
    
username=gwadmin&password=Cisco123&TRACKID=12345

 
   
 
    
    
    
   
 The External system after authenticating the biometric data must send the following HTTPS request to GW 
 
    
   
 For example: 
 
    
   
 
    
POST /fcgi/webmgr.ac?post_generic_rdr_event HTTP/1.1

 
   
 
    
   
 
    
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, 
application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, 
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

 
   
 
    
   
 
    
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 
2.0.50727)

 
   
 
    
   
 
    
Host: 10.78.179.95

 
   
 
    
   
 
    
Content-Length: 59

 
   
 
    
   
 
    
Content-Type: application/x-www-form-urlencoded

 
   
 
    
   
 
    
Accept-Language: en-au

 
   
 
    
   
 
    
Cache-Control: no-cache

 
   
 
    
   
 
    
 
   
 
    
   
 
    
hibadge=0&lobadge=34959&Generic_Reader_id=GR1&TRACKID=12345

 
   
 
    
    
   
 where, 
 
    
   
 TRACKID — user defined cookie 
 
    
   
 hibadgeq—higher 32 bits of a badge (badge supports max of 64 bits) 
 
    
   
 lobadge—lower 32 bits of a badge 
 
    
   
 Generic_Reader_id—ID of the generic reader as configured under the Generic Reader Module. 
 
    
    
   


 
 
    

    

        













    

        

    
    
    
















  
Was this Document Helpful?

  
    
    
  
  
      
      FeedbackFeedback
  






			
    

	













  
    
  



    

			
    

	












    
Contact Cisco