Fulmetal
Oct 14, 2013

APM Radius SecurID

Hello Team,

I'm configuring APM with SecurID auth over RADIUS and I would like to enable access to the application based on the user membership in some AD database.

I know that RSA Authentication Manager locally imports AD resources as "Identity sources" but I don't know if the user membership is passed as a RADIUS attribute in the response.

If it is the case, how could I retrieve this information?

Today I have a VPE with logon page -> Radius with two possibilities, Successful and Deny, if the authentication with userid and PIN succeeds. I would like to add a new condition, that is, if authentication succeeds and if the user is a member of MY-GROUP, allow access.

I have thought about an AD or LDAP query as a branch rule of the Radius policy, but I don't know if it can be used without an LDAP or AD AAA server configured.

Any help will be appreciated!!!

Thanks guys!

 

4 Replies

  • Both AD and LDAP query agents need respective AD or LDAP AAA configurations. If the Radius userid is defined in an AD or LDAP directory, it is perfectly reasonable to query one of those to get group membership information.

     

  • Thanks Kevin,

    So if I ensure that my RSA Server is able to send me back the membership of a user through a RADIUS Attribute, I'll be able to retrieve it as a session variable and use it in addition to the userid/PIN combination to grant access to my application?

    I would prefer not to query another source to retrieve that information.

    Is it possible?

    Thanks in advance Kevin

     

  • "So if I ensure that my RSA Server is able to send me back the membership of a user through a RADIUS Attribute, I'll be able to retrieve it as a session variable and use it in addition to the userid/PIN combination to grant access to my application?"

    Yes, that is possible.
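
Added example, not part of the thread and not APM or RSA code: a Python sketch of the check discussed above, reading group membership out of a RADIUS Access-Accept and matching it against MY-GROUP. It assumes the RADIUS server returns the group name in the Class attribute (type 25); the shared secret, the sample packet and the second group name are constructed for illustration.

```python
import hashlib
import hmac
import struct

CLASS = 25  # RFC 2865 "Class" attribute; assumed here to carry the group name


def parse_access_accept(packet, request_auth, secret):
    """Validate a RADIUS response and return its attributes as {type: [values]}."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]  # bytes past the length field are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("response authenticator mismatch")
    if code != 2:
        raise ValueError("not an Access-Accept")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def is_member(attrs, group):
    """Exact match per Class value; a substring test would also accept MY-GROUP-RO."""
    return group.encode() in attrs.get(CLASS, [])


def build_accept(ident, request_auth, secret, class_values):
    """Constructed sample only: the packet a RADIUS server would send back."""
    body = b"".join(bytes([CLASS, len(v) + 2]) + v for v in class_values)
    head = struct.pack("!BBH", 2, ident, 20 + len(body))
    auth = hashlib.md5(head + request_auth + body + secret).digest()
    return head + auth + body


SECRET = b"constructed-shared-secret"   # constructed value
REQ_AUTH = bytes(range(16))             # constructed request authenticator
SAMPLE = build_accept(7, REQ_AUTH, SECRET, [b"MY-GROUP", b"VPN-USERS"])
```

Running the parser against a captured response from the RADIUS server shows whether any membership attribute is returned at all before an access policy branch is built on it.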