FAQ
Below is a list of our Frequently Asked Questions. If you don’t find your answer here, please get in touch and we will be happy to help.
Freja responds to three interfaces: RADIUS, used primarily for integration with VPN solutions; Freja SOAP, a simple, web-services based interface for quick integration with applications which need strong two-factor authentication; and Freja Security Token Service (STS), an advanced, WS-Trust based interface for applications which can consume SAML authentication assertions.
Freja can be used to provide authentication to any VPN solution that can delegate authentication decisions through the RADIUS protocol. Our existing customers use Juniper SA (SSL VPN), Cisco ASA and Check Point, to name a few. We provide sample how-to instructions upon request.
Similar to VPN solutions, Microsoft ISA can delegate authentication decisions to Freja through the RADIUS protocol.
There are several ways to integrate, but by far the simplest is to let strong authentication complement the existing DotNetNuke authentication. In other words, following the username/password authentication integrated into the portal environment, the application looks up the token associated with the user in its user store, prompts the user for a one-time password and calls one of the Freja SOAP interfaces to validate it.
Whilst the overall performance will depend on the network and directory performance, Freja will perform about 350 OATH authentications per second or 50 Kerberos password authentications. A pair of appliances clustered in active-active mode will sustain in excess of 600 OATH authentications per second or 90 Kerberos password authentications.
Installation is a service we include with the appliance purchase. You should set aside about half a day. This covers mounting the appliance into a rack in the data center, initial network configuration, any upgrade of the factory-loaded firmware and application components to the latest ones available from Verisec, final configuration, any clustering of appliances, and testing.
Freja stores no user information on the appliance itself. It relies exclusively on the customer's existing user directory to store the information it needs for authentication or for including alongside the authentication decision returned to calling applications.
Freja has no specific schema requirements. It is completely configurable to use attributes from standard directory schemas such as organizationalPerson (for example, pager or facsimileTelephoneNumber) or arbitrary schema extensions.
Freja supports the use of time- and event-based OATH tokens. It has been successfully tested with a variety of authenticators on the market, including traditional tokens, mobile tokens and pre-printed OATH solutions in a variety of formats. In terms of traditional tokens, Freja has been tested with PIN-based devices (for example, ActivIdentity Pocket token and Vasco DP261), simpler tokens that do not require a PIN (for example, ActivIdentity Mini token, Vasco GO 3 and NagraID), and USB devices (for example, YubiKey OATH).
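To illustrate what validating time- and event-based OATH one-time passwords involves, the following added example (not Verisec code, and not a description of how Freja is implemented) checks both token types according to RFC 4226 and RFC 6238. The function names, the look-ahead window of 5, the 30-second step and the one-step drift allowance are assumptions chosen for the example; the key is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct

# Published RFC 4226 test key, used here as sample input (not a real token seed).
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _match(secret: bytes, counter: int, otp: str) -> bool:
    # Constant-time comparison on bytes, so non-ASCII input compares unequal.
    return hmac.compare_digest(hotp(secret, counter).encode(), otp.encode())


def verify_event(secret, otp, stored_counter, look_ahead=5):
    """Event-based token. Returns the next counter to store, or None.

    The look-ahead window (assumed: 5) tolerates button presses that were
    never submitted; advancing the counter makes a used OTP unusable.
    """
    for counter in range(stored_counter, stored_counter + look_ahead + 1):
        if _match(secret, counter, otp):
            return counter + 1
    return None


def verify_time(secret, otp, now, last_step, step=30, drift=1):
    """Time-based token (RFC 6238). Returns the matched step, or None.

    Accepts +/- `drift` steps of clock skew (assumed: 1 step of 30 s) and
    rejects any step at or before `last_step` to block replay.
    """
    current = int(now) // step
    for t in range(current - drift, current + drift + 1):
        if t > last_step and _match(secret, t, otp):
            return t
    return None


if __name__ == "__main__":
    print(verify_event(SECRET, "359152", stored_counter=0))   # accepted
    print(verify_event(SECRET, "359152", stored_counter=3))   # replay
    print(verify_time(SECRET, "287082", now=59, last_step=0))
```

The value each function returns is the state that has to be stored per token after a successful check: the next counter for event-based tokens and the last accepted time step for time-based ones.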
All VPN solutions allow for using a cluster of Freja appliances in order to achieve high availability. In such cases, one appliance in the cluster is typically configured as the primary appliance whereas the other appliance wi
