Out of support: This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Using RSA SecurID for authentication


RSA SecurID provides a two-factor authentication scheme for user authentication. This approach uses a password that has a very short life span, typically one minute. Users are authenticated with this short-lived password, which combines a passcode with a hardware-generated token value. This method of authentication narrows the window for exploitation by anyone who manages to eavesdrop on the confidential communications protected by Transport Layer Security (TLS).

Note

After authentication, the combination passcode + token is no longer valid.

To configure the SecurID module

To use SecurID Chain for user authentication, the module must first be configured with information about the RSA Authentication Manager server. This information is contained in the sdconf.rec file. After being configured, SecurID Chain is enabled for authentication use.

  1. Copy the sdconf.rec file retrieved from the RSA SecurID server to the BMC Atrium Single Sign-On server at the following location:
    <installationDirectory>/BMC Software/BMC Atrium SSO/tomcat/webapps/BMC Atrium SSO/WEB-INF/config/BMC Atrium SSO/auth/ace/data
  2. Configure the SecurID module.


  3. (Optional) Edit the rsa_api.properties file for additional configuration.

     

SecurID parameters

When adding or editing a SecurID module, the following options are available:


To modify the rsa_api.properties file

Additional configuration of the SecurID module communications with the RSA Authentication Manager is available by editing the rsa_api.properties file.

Properties of primary importance (and their default values)

  • SDCONF_FILE (FILE)
  • SDCONF_LOC: <configurationDirectory>/<uri>/auth/ace/data/sdconf.rec
  • SDSTATUS_TYPE (FILE)
  • SDSTATUS_LOC: <configurationDirectory>/<uri>/auth/ace/data/sdstatus
  • SDNDSCRT_TYPE (FILE)
  • SDNDSCRT_LOC: <configurationDirectory>/<uri>/auth/ace/data/secured
  • RSA_LOG_FILE: <configurationDirectory>/<uri>/debug/rsa_api.log
  • RSA_LOG_LEVEL (INFO; other values are OFF, DEBUG, WARN, ERROR, FATAL)
  • RSA_DEBUG_FILE, if RSA_ENABLE_DEBUG=YES: <configurationDirectory>/<uri>/debug/rsa_api_debug.log
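
The following Python sketch is an added example, not BMC or RSA code. It audits an rsa_api.properties file using the key names and log levels listed above. The specific checks (sdconf.rec present, files not accessible to group or other on POSIX systems, debug output flagged) and the simplified `KEY=VALUE` parser are assumptions of this example, and the sample paths are constructed placeholders.

```python
import os
import stat

# Key names and log levels come from the list above; the checks are added assumptions.
LOC_KEYS = ("SDCONF_LOC", "SDSTATUS_LOC", "SDNDSCRT_LOC")
LOG_LEVELS = {"OFF", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"}

def parse_properties(text):
    """Simplified KEY=VALUE parser: skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings for a parsed rsa_api.properties."""
    findings = []
    level = props.get("RSA_LOG_LEVEL", "INFO")  # INFO is the documented default
    if level not in LOG_LEVELS:
        findings.append(f"RSA_LOG_LEVEL: unsupported value {level!r}")
    if props.get("RSA_ENABLE_DEBUG", "").upper() == "YES":
        findings.append("RSA_ENABLE_DEBUG=YES: debug output goes to RSA_DEBUG_FILE")
    for key in LOC_KEYS:
        path = props.get(key)
        if not path:
            continue  # not overridden, default location applies
        if not os.path.exists(path):
            # Only sdconf.rec is placed by the administrator in step 1.
            if key == "SDCONF_LOC":
                findings.append(f"{key}: {path} not found")
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)  # POSIX permission bits
        if mode & 0o077:
            findings.append(f"{key}: {path} open to group/other (mode {mode:o})")
    return findings

if __name__ == "__main__":
    # Constructed sample; the path is a placeholder, not a real install path.
    sample = """\
# constructed rsa_api.properties fragment
SDCONF_LOC=/tmp/example-sso/auth/ace/data/sdconf.rec
RSA_LOG_LEVEL=TRACE
RSA_ENABLE_DEBUG=YES
"""
    for finding in audit(parse_properties(sample)):
        print(finding)
```
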

 

Where to go from here

  • In Administering, see managing users, user groups, and authentication modules.

 
