×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

 

This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.
BMC Atrium Single Sign-On 9.0 ... Installing Configuring after installation

Using RSA SecurID for authentication

RSA SecurID provides a two-factor authentication scheme for user authentication. This approach uses a password that has a very short life span, typically one minute. By combining a passcode with a hardware generated token value, users are authenticated with this short-span password. This method of authentication narrows the opportunity for exploitation by anyone who manages to eavesdrop on the Transport Layer Security (TLS) confidential communications.

Note

After authentication, the combination passcode + token is no longer valid.

To configure the SecurID module

To use SecurID Chain for user authentication, the module must first be configured with information about the RSA Authentication Manager server. This information is contained in the sdconf.rec file. After being configured, SecurID Chain is enabled for authentication use.

  1. Copy the sdconf.rec file retrieved from the RSA SecurID server to the BMC Atrium Single Sign-On server at the following location:
    <installationDirectory>/BMC Software/BMC Atrium SSO/tomcat/webapps/BMC Atrium SSO/WEB-INF/config/BMC Atrium SSO/auth/ace/data

  2. Configure the SecurID module.

    Unknown macro: {multi-excerpt-include}
  3. (Optional) Edit the rsa_api.properties file for additional configuration.

SecurID parameters

When adding or editing a SecureID module, the following options are available:

Unknown macro: {multi-excerpt-include}

Parameters

Description

ACE/Server Configuration Path

Specify the full path for the new location of the sdconf.rec file.
The configuration path is used to specify the location of the sdconf.rec file used to contact the RSA SecurID server.

To modify the rsa_api.properties file

Additional configuration of the SecurID module communications with the RSA Authentication Manager is available by editing the rsa_api.properties file.

Properties of primary importance (and their default values)

  • SDCONF_FILE (FILE)
  • SDCONF_LOC: <configurationDirectory>/<uri>/auth/ace/data/sdconf.rec
  • SDSTATUS_TYPE (FILE)
  • SDSTATUS_LOC: <configurationDirectory>/<uri>/auth/ace/data/sdstatus
  • SDNDSCRT_TYPE (FILE)
  • SDNDSCRT_LOC: <configurationDirectory>/<uri>/auth/ace/data/secured
  • RSA_LOG_FILE: <configurationDirectory>/<uri>/debug/rsa_api.log
  • RSA_LOG_LEVEL (INFO; other values are OFF, DEBUG, WARN, ERROR, FATAL)
  • RSA_DEBUG_FILE, if RSA_ENABLE_DEBUG=YES: <configurationDirectory>/<uri>/debug/rsa_api_debug.log

Where to go from here

  • In Administering, see managing users, user groups, and authentication modules.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Abhay Chokshi on Nov 10, 2014
authentication rsa_securid configuration securid contributor-updated

Comments

Log in or register to comment.

Enabling LDAP to authenticate users with SSL
Using SAMLv2 for authentication
© Copyright 2024 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.