The SecTrail software architecture consists of three modules, which are almost identical for the SecTrail OTP Gateway and SecTrail HotSpot Gateway solutions.
The first module handles and manages requests coming from users, machines or servers and returns the responses delivered by the “Identity Management Module”. Its main goal is to convert and convey data between outside requesters and the “Identity Management Module” while securing the whole process.
Identity Management Module
This is the brain of SecTrail. It takes all decisions based on its decision code, which can be adapted to all kinds of customer needs. The “IMM” module also controls all daemons, such as AAA, high availability, logging, the GUI and so on.
The third module communicates with external operational servers and hosts such as SMS gateways, email servers, external authentication servers and directory servers. It supports any TCP- or UDP-based protocol carried over IPv4 or IPv6.
SecTrail OTP Solution Example for Successful SMS Authentication with a Pulse Secure SSL VPN Appliance
1 The user opens the Pulse Secure login page and enters their credentials
2 The Pulse Secure appliance sends the user credentials to SecTrail OTP in RADIUS packets to authenticate the user
3 SecTrail OTP queries the credentials and user attributes on MS Active Directory via LDAP
4 MS Active Directory responds to the user authentication and attribute queries
5 SecTrail OTP replies to the Pulse Secure appliance with a “User Authentication Accept” packet and tells Pulse Secure to redirect the user to the SMS token verification web page
6 While phase 5 happens, SecTrail OTP also generates a token and sends it to the user via the SMS gateway
7 The SMS-based token appears on the user's mobile phone
8 The user enters the token on the second authentication page, to which Pulse Secure has already redirected them
9 Pulse Secure sends the token entered by the user to SecTrail OTP for verification
10 SecTrail OTP confirms the token
11 Pulse Secure grants the user VPN access
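The RADIUS exchange of steps 2 to 5, as an added Python example that is not SecTrail's or Pulse Secure's code. It shows both sides of the first factor: the appliance hides the PAP password with the RFC 2865 scheme and sends an Access-Request, the gateway reveals it, checks it and answers Access-Accept or Access-Reject with a correct Response Authenticator, and the appliance verifies that authenticator before trusting the answer. The shared secret, user and password are constructed; the DIRECTORY dict stands in for the LDAP query of step 3; the redirect to the token page that step 5 mentions is not modelled, since the page does not say how it is signalled. Note that the Access-Accept here only completes the first factor: per the flow above, VPN access is granted after the token is confirmed in step 10.

```python
import hashlib
import secrets
import struct

# RADIUS packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

# Constructed stand-in for the LDAP lookup against Active Directory (step 3)
DIRECTORY = {"alice": "Correct-Horse-42"}

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous block); the first 'previous block' is the Request
    Authenticator. This is keyed obfuscation, not strong encryption."""
    pad = -len(password) % 16
    if not password:
        pad = 16  # at least one block is always sent
    padded = password + b"\x00" * pad
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password, run by the gateway on receipt."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-zero multiple of 16 bytes")
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(c ^ m for c, m in zip(block, mask)), block
    return out.rstrip(b"\x00")

def encode_attrs(attrs) -> bytes:
    # Each attribute is Type (1 byte), Length (1 byte, includes header), Value
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs

def build_access_request(ident: int, secret: bytes, username: str, password: str) -> bytes:
    """Client side (the VPN appliance in step 2)."""
    req_auth = secrets.token_bytes(16)  # fresh random Request Authenticator per request
    attrs = encode_attrs([
        (USER_NAME, username.encode()),
        (USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + resp_auth + attrs

def gateway_handle(request: bytes, secret: bytes) -> bytes:
    """Server side of steps 2 to 5: decode the request, check the password
    against the directory, answer Access-Accept or Access-Reject."""
    if len(request) < 20:
        return b""  # cannot even echo an identifier: silently discard
    try:
        code, _ident, length = struct.unpack("!BBH", request[:4])
        if code != ACCESS_REQUEST or length != len(request):
            raise ValueError("not a well-formed Access-Request")
        attrs = decode_attrs(request[20:])
        user = attrs[USER_NAME].decode("utf-8")
        password = reveal_password(attrs[USER_PASSWORD], secret, request[4:20])
    except (ValueError, KeyError, UnicodeDecodeError):
        return build_response(ACCESS_REJECT, request, secret)
    expected = DIRECTORY.get(user)
    if expected is not None and secrets.compare_digest(password, expected.encode()):
        return build_response(ACCESS_ACCEPT, request, secret)
    return build_response(ACCESS_REJECT, request, secret)

def client_verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: identifier must match and the Response Authenticator must
    verify, otherwise an on-path forger could turn a Reject into an Accept."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    header, resp_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return secrets.compare_digest(resp_auth, expected)
```

The password hiding relies on MD5 keyed only by the shared secret, so the RADIUS link between the appliance and the gateway still needs a strong secret and network-level protection; the Response Authenticator check on the client side is what prevents a spoofed Access-Accept from being accepted.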
SecTrail HotSpot Solution Example for Successful Guest Wireless Access with Ruckus Wireless Equipment
1 The guest user connects to the wireless guest SSID
2 The Wireless LAN Controller queries the SecTrail HotSpot Gateway to find out whether the user has been authenticated before
3 SecTrail responds to the Wireless LAN Controller with a web redirect message for the unauthenticated user
4 The guest user is redirected to the SecTrail HotSpot customized captive portal instead of the web page originally requested by the user
5 The guest user enters their cell phone number and their sponsor's name on the captive portal
6 The Wireless LAN Controller passes the information entered by the user to the SecTrail HotSpot Gateway
7 SecTrail sends an email notification to the guest user's sponsor or to the guest admins to obtain confirmation
8 The guest admins or sponsor confirm the guest user by replying to the email
9 The SecTrail HotSpot Gateway sends a “One Time Password” to the user via the SMS gateway
10 The SMS message appears on the guest user's mobile phone screen
11 The guest user enters the “One Time Password” on the captive portal token page
12 The Wireless LAN Controller sends the “One Time Password” to the SecTrail HotSpot Gateway for verification
13 The SecTrail HotSpot Gateway sends a “User Accept” message to the Wireless LAN Controller
14 A “Welcome Message” first appears in the guest user's browser, then the guest user is redirected to the original web page
15 A notification packet that includes the session information is sent to the SIEM server by the SecTrail HotSpot Gateway
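The gateway-side logic of the HotSpot flow from the captive-portal submission through sponsor confirmation, SMS token, token check and SIEM notification, as an added Python example that is not SecTrail's code; the token issue-and-verify part is the same logic the OTP flow above needs between its token generation and token confirmation steps, so one example serves both. It assumes a 6-digit token, a 5-minute validity window, 3 attempts before the session is locked, one JSON line per SIEM event, and a session identifier supplied by the controller; none of these values are stated on the page. The mail, SMS and SIEM outboxes are constructed stand-ins for the real external servers, so the block runs offline.

```python
import hmac
import json
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

OTP_DIGITS = 6          # assumed token length; not stated on the page
OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed lockout threshold


@dataclass
class GuestSession:
    phone: str
    sponsor: str
    approved: bool = False
    otp_hash: Optional[bytes] = None  # keyed hash of the OTP, never the OTP itself
    expires_at: float = 0.0
    attempts: int = 0
    authenticated: bool = False


class HotSpotGateway:
    """Sponsor-approval and OTP logic; the outboxes stand in for the mail
    server, SMS gateway and SIEM feed that the real gateway talks to."""

    def __init__(self, server_key: bytes, clock: Callable[[], float] = time.time):
        self.server_key = server_key
        self.clock = clock  # injectable so expiry can be tested deterministically
        self.sessions: Dict[str, GuestSession] = {}
        self.mail_outbox: List[Tuple[str, str]] = []
        self.sms_outbox: List[Tuple[str, str]] = []
        self.siem_events: List[str] = []

    def _otp_hash(self, session_id: str, otp: str) -> bytes:
        # Binding the session id into the hash stops an OTP issued for one
        # session from being replayed into another.
        msg = f"{session_id}:{otp}".encode()
        return hmac.new(self.server_key, msg, "sha256").digest()

    def _emit(self, event: str, session_id: str, **fields) -> bool:
        # One JSON line per event; the real SIEM packet format is not given on the page.
        record = {"ts": int(self.clock()), "event": event, "session": session_id, **fields}
        self.siem_events.append(json.dumps(record, sort_keys=True))
        return event == "guest_authenticated"

    def start_session(self, session_id: str, phone: str, sponsor: str) -> None:
        """Captive portal submission: record the guest and ask the sponsor to confirm."""
        self.sessions[session_id] = GuestSession(phone=phone, sponsor=sponsor)
        self.mail_outbox.append((sponsor, f"Please confirm guest {phone} (session {session_id})"))
        self._emit("sponsor_requested", session_id, phone=phone, sponsor=sponsor)

    def sponsor_confirm(self, session_id: str) -> None:
        """Only after confirmation is an OTP generated and sent by SMS."""
        s = self.sessions[session_id]
        s.approved = True
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        s.otp_hash = self._otp_hash(session_id, otp)
        s.expires_at = self.clock() + OTP_TTL_SECONDS
        s.attempts = 0
        self.sms_outbox.append((s.phone, f"Your one-time password is {otp}"))
        self._emit("otp_sent", session_id, phone=s.phone)

    def verify_otp(self, session_id: str, entered: str) -> bool:
        """The controller forwards the entered OTP; True means 'User Accept'."""
        s = self.sessions.get(session_id)
        if s is None or not s.approved or s.otp_hash is None:
            return self._emit("otp_rejected", session_id, reason="no_pending_otp")
        if self.clock() > s.expires_at:
            s.otp_hash = None
            return self._emit("otp_rejected", session_id, reason="expired")
        s.attempts += 1
        if s.attempts > MAX_ATTEMPTS:
            s.otp_hash = None  # lock the session; the guest must start over
            return self._emit("otp_rejected", session_id, reason="too_many_attempts")
        if hmac.compare_digest(self._otp_hash(session_id, entered), s.otp_hash):
            s.otp_hash = None  # single use: the same OTP cannot be replayed
            s.authenticated = True
            return self._emit("guest_authenticated", session_id, phone=s.phone, sponsor=s.sponsor)
        return self._emit("otp_rejected", session_id, reason="mismatch", attempt=s.attempts)
```

The ordering matters: no token exists until the sponsor has confirmed, the expiry check runs before the attempt counter so an expired token cannot be brute-forced, the comparison is constant-time, and every accept or reject produces a SIEM record, which is what the final notification step of the flow relies on.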