Configuring SecurID authentication
Use this procedure to configure the Authentication Server so it can perform SecurID authentication.
When you perform this procedure, you do not have to restart the Authentication Server if you are making changes to SecurID configuration. However, if you change the SecurID configuration, you must wait the amount of time specified by ReadConfigInterval (described below) until the new configuration values are read.
To configure SecurID authentication
- On the Authentication Server, start the Application Server Administration console (that is, the blasadmin utility).
- To enable SecurID authentication, enter the following:
  set AuthServer IsSecurIDAuthEnabled true
  By default, SecurID authentication is not turned on. When set to false, all SecurID logon attempts are rejected.
- Restart the Authentication Server.
- Provide the path to the RSA Authentication Manager's configuration file (sdconf.rec) by entering the following:
  set SecurID ConfigFilePath <filePath>
  where <filePath> provides a local path to the sdconf.rec file.
  For example:
  set SecurID ConfigFilePath "e:\folder\folder\sdconf.rec"
  It is recommended to save the sdconf.rec file in the \br directory.
- Do any of the following to set additional configuration options for SecurID:
  - To instruct the RSA Authentication Agent which IP address to use if the Authentication Server has multiple IP addresses, enter the following:
    set SecurID AgentHost <iPAddress>
  - To specify the interval at which SecurID settings are read, enter the following:
    set SecurID ReadConfigInterval <interval>
    where <interval> is the interval in seconds for reloading the configuration file. The valid range is 0 to 86400 (24 hours). The default is 600 seconds.
  - To specify the path to the RSA Authentication Manager's server status file, enter the following:
    set SecurID StatusFilePath <filePath>
    where <filePath> is a local path to that file. If you do not provide a path, a new file is created in the TrueSight Server Automation /br directory. The default file name is JAStatus.1.
  - To specify the path to the RSA Authentication Manager's optional configuration file (sdopts.rec), enter the following:
    set SecurID OptionsFilePath <filePath>
    where <filePath> is a local path to that file. This configuration file is used to configure a manual authentication load balancing policy.
  - To specify the path to the RSA Authentication Manager's node secret file, enter the following:
    set SecurID NodeSecretFilePath <filePath>
    where <filePath> is a local path to the node secret file.
  - To specify the path to the SecurID log file, enter the following:
    set SecurID LogFilePath <filePath>
    where <filePath> is a local path to the log file.
  - To turn on logging, enter the following:
    set SecurID LogToFile true | false
    If set to true, the RSA SecurID module creates log entries in the file specified by the LogFilePath option. By default, this option is set to false.
  - To set the logging level, enter the following:
    set SecurID LogLevel OFF | DEBUG | INFO | WARN | ERROR | FATAL
    By default, this option is set to OFF.
  Note
  SecurID configuration settings are stored in <installDirectory>/br/deployments/<deploymentName>/options/securid-options.properties. You can manually edit this file to specify additional debug options, such as RSA_ENABLE_DEBUG=YES. Refer to the RSA product documentation for a description of supported settings.
- Cross-register users in both the SecurID user registry and the RBAC user database.
- Set up authentication profiles using SecurID authentication on the TrueSight Server Automation client.
See System capabilities related to security and Managing authorizations.
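A pre-flight check for the options in this procedure, as an added example that is not BMC's or RSA's code: it validates planned values against the range and allowed values stated above and renders the matching blasadmin lines. The function names, the reading of "local path" as excluding network shares, the two logging consistency checks, and the sample values are assumptions of this example.

```python
# Option names in the order the procedure lists them.
ORDER = ("ConfigFilePath", "AgentHost", "ReadConfigInterval", "StatusFilePath",
         "OptionsFilePath", "NodeSecretFilePath", "LogFilePath", "LogToFile", "LogLevel")
PATH_OPTIONS = tuple(n for n in ORDER if n.endswith("FilePath"))
LOG_LEVELS = ("OFF", "DEBUG", "INFO", "WARN", "ERROR", "FATAL")


def check_securid_settings(settings):
    """Return a list of problems in a dict of planned SecurID option values (strings)."""
    problems = [f"{k}: not an option named in this procedure" for k in settings if k not in ORDER]
    if "ConfigFilePath" not in settings:
        problems.append("ConfigFilePath: the path to sdconf.rec is required")
    for name in PATH_OPTIONS:
        # Assumption of this example: a "local path" excludes UNC/network shares.
        if settings.get(name, "").startswith(("\\\\", "//")):
            problems.append(f"{name}: must be a local path, not a network share")
    interval = settings.get("ReadConfigInterval", "600")  # documented default
    if not (interval.isdecimal() and 0 <= int(interval) <= 86400):
        problems.append("ReadConfigInterval: must be 0 to 86400 seconds")
    log_to_file = settings.get("LogToFile", "false")      # documented default
    if log_to_file not in ("true", "false"):
        problems.append("LogToFile: must be true or false")
    level = settings.get("LogLevel", "OFF")               # documented default
    if level not in LOG_LEVELS:
        problems.append("LogLevel: must be one of " + " | ".join(LOG_LEVELS))
    if log_to_file == "true":
        if "LogFilePath" not in settings:
            problems.append("LogToFile: true, but no LogFilePath is set")
        if level == "OFF":
            problems.append("LogToFile: true, but LogLevel is OFF")
    return problems


def render_blasadmin(settings):
    """Return blasadmin lines for validated settings; the restart step stays manual."""
    problems = check_securid_settings(settings)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["set AuthServer IsSecurIDAuthEnabled true"]
    for name in ORDER:
        if name in settings:
            value = settings[name]
            # Paths are double-quoted, as in the ConfigFilePath example above.
            lines.append(f"set SecurID {name} " + (f'"{value}"' if name in PATH_OPTIONS else value))
    return lines


# Constructed sample values, not taken from a real deployment.
SAMPLE = {"ConfigFilePath": r"e:\folder\folder\sdconf.rec", "AgentHost": "192.0.2.10",
          "ReadConfigInterval": "300", "LogToFile": "true",
          "LogFilePath": r"e:\folder\securid.log", "LogLevel": "WARN"}
```

Calling render_blasadmin(SAMPLE) returns the lines to enter in the blasadmin console; a ValueError lists every setting that falls outside what this procedure documents.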