Out of support

 

This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Using RSA SecurID for authentication

RSA SecurID provides a two-factor authentication scheme for user authentication. This approach uses a password that has a very short life span, typically one minute. Users are authenticated with this short-lived password, which combines a passcode with a hardware-generated token value. This method of authentication narrows the opportunity for exploitation by anyone who manages to eavesdrop on communications protected by Transport Layer Security (TLS).

Note

After authentication, the combination passcode + token is no longer valid.

To configure the SecurID module

To use SecurID Chain for user authentication, the module must first be configured with information about the RSA Authentication Manager server. This information is contained in the sdconf.rec file. After being configured, SecurID Chain is enabled for authentication use.

  1. Copy the sdconf.rec file retrieved from the RSA SecurID server to the BMC Atrium Single Sign-On server at the following location:
    <installationDirectory>/BMC Software/BMC Atrium SSO/tomcat/webapps/BMC Atrium SSO/WEB-INF/config/BMC Atrium SSO/auth/ace/data
  2. Configure the SecurID module.

    1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
    2. On the Main tab (default), select a User Profile type.

      Note

      The User Profile applies to all authentication methods used for authentication.

    3. In the Realm Authentication panel, click Add for a new authentication method and select the method. Alternatively, if you want to edit an existing module, select the module and click Edit.
    4. Provide the parameters for the method and click Save.
    5. Set the flag for the authentication method.
  3. (Optional) Edit the rsa_api.properties file for additional configuration.

SecurID parameters

When adding or editing a SecurID module, the following options are available:

  • Save to save your modifications.
  • Reset to remove your modifications and stay on the editor.
  • Help to open the online help in a browser.
  • Cancel to cancel and return to the launch page.

Parameter: ACE/Server Configuration Path

Description: Specify the full path for the new location of the sdconf.rec file. The configuration path is used to specify the location of the sdconf.rec file used to contact the RSA SecurID server.

To modify the rsa_api.properties file

Additional configuration of the SecurID module communications with the RSA Authentication Manager is available by editing the rsa_api.properties file.

Properties of primary importance (and their default values)

  • SDCONF_FILE (FILE)
  • SDCONF_LOC: <configurationDirectory>/<uri>/auth/ace/data/sdconf.rec
  • SDSTATUS_TYPE (FILE)
  • SDSTATUS_LOC: <configurationDirectory>/<uri>/auth/ace/data/sdstatus
  • SDNDSCRT_TYPE (FILE)
  • SDNDSCRT_LOC: <configurationDirectory>/<uri>/auth/ace/data/secured
  • RSA_LOG_FILE: <configurationDirectory>/<uri>/debug/rsa_api.log
  • RSA_LOG_LEVEL (INFO; other values are OFF, DEBUG, WARN, ERROR, FATAL)
  • RSA_DEBUG_FILE, if RSA_ENABLE_DEBUG=YES: <configurationDirectory>/<uri>/debug/rsa_api_debug.log
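
A post-configuration check for the properties listed above, as an added example (not BMC or RSA code): it parses an rsa_api.properties file, flags files named by the *_LOC keys that group or other users can access, and reports debug output. It assumes POSIX permission bits and plain KEY=VALUE lines; the function names and the choice to report debug logging are this example's own.

```python
import os
import stat
import sys

# Location keys listed on the page; each names a file the SecurID module reads or writes.
LOCATION_KEYS = ("SDCONF_LOC", "SDSTATUS_LOC", "SDNDSCRT_LOC")
LOG_LEVELS = {"OFF", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"}


def parse_properties(text):
    """Parse plain KEY=VALUE lines; blank lines and '#'/'!' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    for key in LOCATION_KEYS:
        path = props.get(key)
        if not path:
            findings.append(f"{key}: not set, default location was not checked")
        elif not os.path.isfile(path):
            # Assumption: only sdconf.rec must exist up front (step 1 copies it);
            # the status and node-secret files may not have been created yet.
            if key == "SDCONF_LOC":
                findings.append(f"{key}: {path} not found")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{key}: {path} is accessible to group or other users")
    level = props.get("RSA_LOG_LEVEL", "INFO").upper()  # INFO is the page's default
    if level not in LOG_LEVELS:
        findings.append(f"RSA_LOG_LEVEL: unknown value {level}")
    elif level == "DEBUG":
        findings.append("RSA_LOG_LEVEL: DEBUG logging is on")
    if props.get("RSA_ENABLE_DEBUG", "").upper() == "YES":
        findings.append("RSA_ENABLE_DEBUG: debug file is being written")
    return findings


if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1], encoding="utf-8") as fh:
        for finding in audit(parse_properties(fh.read())):
            print(finding)
```

Run it with the path to rsa_api.properties as the only argument, as the account that runs the BMC Atrium SSO Tomcat instance, so the permission check reflects what that account sees.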

Where to go from here

  • In Administering, see managing users, user groups, and authentication modules.