Configuring SecurID authentication

Use this procedure to configure the Authentication Server so it can perform SecurID authentication.

You do not have to restart the Authentication Server after changing SecurID configuration settings. However, new values do not take effect until the interval specified by ReadConfigInterval (described below) has elapsed and the configuration is read again.

To configure SecurID authentication

  1. On the Authentication Server, start the Application Server Administration console (that is, the blasadmin utility).
  2. To enable SecurID authentication, enter the following:
    set AuthServer IsSecurIDAuthEnabled true
    By default, SecurID authentication is not turned on. When set to false, all SecurID logon attempts are rejected.
  3. Restart the Authentication Server.
  4. Provide the path to the RSA Authentication Manager's configuration file (sdconf.rec) by entering the following:
    set SecurID ConfigFilePath <filePath>
    where <filePath> provides a local path to the sdconf.rec file.
    For example, set SecurID ConfigFilePath "e:\folder\folder\sdconf.rec"
    It is recommended to save the sdconf.rec file in the \br directory.
  5. Do any of the following to set additional configuration options for SecurID:
    • To instruct the RSA Authentication Agent which IP address to use if the Authentication Server has multiple IP addresses, enter the following:
      set SecurID AgentHost <iPAddress>
    • To specify the interval at which SecurID settings are read, enter the following:
      set SecurID ReadConfigInterval <interval>
      where <interval> is the interval in seconds for reloading the configuration file. The valid range is 0 to 86400 (24 hours). The default is 600 seconds.
    • To specify the path to the RSA Authentication Manager's server status file, enter the following:
      set SecurID StatusFilePath <filePath>
      where <filePath> is a local path to that file. If you do not provide a path, a new file is created in the TrueSight Server Automation /br directory. The default file name is JAStatus.1.
    • To specify the path to the RSA Authentication Manager's optional configuration file (sdopts.rec), enter the following:
      set SecurID OptionsFilePath <filePath>
      where <filePath> is a local path to that file. This configuration file is used to configure a manual authentication load balancing policy.
    • To specify the path to the RSA Authentication Manager's node secret file, enter the following:
      set SecurID NodeSecretFilePath <filePath>
      where <filePath> is a local path to the node secret file.

      The node secret file is created automatically the first time the Authentication Service successfully connects to the RSA Authentication Manager. The default file name is securid. If you do not define a path, the file is automatically created in the TrueSight Server Automation /br directory. If multiple Application Servers are running on the same host, they should all use the same node secret file.
      If you are running other applications that also use RSA authentication, they might need to share the same node secret file that the Application Server is using. When multiple applications share a node secret file, you must ensure that the Application Server can access the node secret file by granting the appropriate operating system-level permissions to the file. On UNIX, you must grant permission to the bladmin user; on Windows you must grant permission to SYSTEM. Other applications might have similar access requirements.

    • To specify the path to the SecurID log file, enter the following:
      set SecurID LogFilePath <filePath>
      where <filePath> is a local path to the log file.
    • To turn on logging, enter the following:
      set SecurID LogToFile true | false
      If set to true, the RSA SecurID module creates log entries in the file specified by the LogFilePath option. By default, this option is set to false.
    • To set the logging level, enter the following:
      set SecurID LogLevel OFF | DEBUG | INFO | WARN | ERROR | FATAL
      By default, this option is set to OFF.

      Note

      SecurID configuration settings are stored in <installDirectory>/br/deployments/<deploymentName>/options/securid-options.properties. You can manually edit this file to specify additional debug options, such as RSA_ENABLE_DEBUG=YES. Refer to the RSA product documentation for a description of supported settings.

  6. Cross-register users in both the SecurID user registry and the RBAC user database.

    Users must be registered in both the SecurID user registry and the TrueSight Server Automation RBAC-based user database. Cross-registration allows users to be authorized for RBAC roles.
    Only users authorized to use TrueSight Server Automation should be entered into the TrueSight Server Automation database. Use RBAC to add users to the database. For information about adding users to RBAC, see Creating users.
    TrueSight Server Automation documentation assumes you know how to add users to the SecurID user registry.

  7. Set up authentication profiles using SecurID authentication on the TrueSight Server Automation client.
    See System capabilities related to security and Managing authorizations.
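
The node secret file described in step 5 holds a secret shared with the RSA Authentication Manager, so after granting access to bladmin on UNIX it is worth confirming that the file is readable by that account and by no one outside its owner and group. The following shell function is an added example, not part of the product or its documentation; the function name, the return codes, and the policy that "other" users get no access are assumptions.

```sh
#!/bin/sh
# Added example, not product code. Assumed: function name, return codes,
# and the policy that "other" users get no access to the node secret file.

# check_node_secret FILE [USER]   (USER defaults to bladmin)
# Returns 0 = OK, 1 = file missing, 2 = accessible to "other",
#         3 = USER cannot read the file as owner or through its group.
check_node_secret() {
    file=$1
    user=${2:-bladmin}

    if [ ! -f "$file" ]; then
        echo "MISSING: $file (created on first successful connection)"
        return 1
    fi

    # Any read, write or execute bit for "other" exposes the secret.
    if [ -n "$(find "$file" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "EXPOSED: $file is accessible to every local user"
        return 2
    fi

    # Owner and group as reported by ls -ld (fields 3 and 4).
    owner=$(ls -ld "$file" | awk '{print $3}')
    group=$(ls -ld "$file" | awk '{print $4}')

    if [ "$owner" = "$user" ]; then
        # The owner permission class applies; the group bits are ignored.
        if [ -n "$(find "$file" -perm -400)" ]; then
            echo "OK: $file is owned and readable by $user"
            return 0
        fi
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group" &&
         [ -n "$(find "$file" -perm -040)" ]; then
        echo "OK: $file is readable by $user through group $group"
        return 0
    fi
    echo "NO ACCESS: $user cannot read $file (owner=$owner group=$group)"
    return 3
}

# Stand-alone use: sh check.sh /path/to/securid [user]
if [ $# -gt 0 ]; then
    check_node_secret "$@"
fi
```

When several applications share the node secret file, run the check once per account that needs access, passing the account name as the second argument.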