This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.

Using RSA SecurID for authentication

RSA SecurID provides a two-factor authentication scheme for user authentication. This approach uses a password that has a very short life span, typically one minute. By combining a passcode with a hardware generated token value, users are authenticated with this short-span password. This method of authentication narrows the opportunity for exploitation by anyone who manages to eavesdrop on the Transport Layer Security (TLS) confidential communications.


After authentication, the combination passcode + token is no longer valid.

To configure the SecurID module

To use SecurID Chain for user authentication, the module must first be configured with information about the RSA Authentication Manager server. This information is contained in the sdconf.rec file. After being configured, SecurID Chain is enabled for authentication use.

  1. Copy the sdconf.rec file retrieved from the RSA SecurID server to the BMC Atrium Single Sign-On server at the following location:
    <installationDirectory>/BMC Software/BMC Atrium SSO/tomcat/webapps/BMC Atrium SSO/WEB-INF/config/BMC Atrium SSO/auth/ace/data
  2. Configure the SecurID module.

    Unknown macro: {multi-excerpt-include}
  3. (Optional) Edit the file for additional configuration.

SecurID parameters

When adding or editing a SecureID module, the following options are available:

Unknown macro: {multi-excerpt-include}



ACE/Server Configuration Path

Specify the full path for the new location of the sdconf.rec file.
The configuration path is used to specify the location of the sdconf.rec file used to contact the RSA SecurID server.

To modify the file

Additional configuration of the SecurID module communications with the RSA Authentication Manager is available by editing the file.

Properties of primary importance (and their default values)

  • SDCONF_LOC: <configurationDirectory>/<uri>/auth/ace/data/sdconf.rec
  • SDSTATUS_LOC: <configurationDirectory>/<uri>/auth/ace/data/sdstatus
  • SDNDSCRT_LOC: <configurationDirectory>/<uri>/auth/ace/data/secured
  • RSA_LOG_FILE: <configurationDirectory>/<uri>/debug/rsa_api.log
  • RSA_DEBUG_FILE, if RSA_ENABLE_DEBUG=YES: <configurationDirectory>/<uri>/debug/rsa_api_debug.log

Where to go from here

  • In Administering, see managing users, user groups, and authentication modules.
Was this page helpful? Yes No Submitting... Thank you