Forum Discussion

soymanue's avatar
soymanue
Icon for Nimbostratus rankNimbostratus
Sep 10, 2013

RSA SECURID FIRST TIME LOGIN WITH APM

We have externals user without Access no other access to our internal resources that the one provided with APM. The authentication they use is RSA SecurID Token. They have been working so far with Juniper solution. But since we moved to F5 APM we have not been able to provide access to new users as the first time Login is not working. Should it work with F5 APM?

 

The fist time login works this way: The first time an RSA OTP user logs in, they need to set a PIN for their token. This PIN is used in addition to the token code as the passcode. The user prepends the 8 character PIN to the token code.

 

1.Enter LOGIN: 2.Enter PASSCODE: (use token code only - 6 or 8 digit number) 3.Enter New PIN (Exactly 8 alpha-numeric characters, Must include 1 number and 1 letter) 4.Renter New PIN 5.Enter PASSCODE: (after token code has flipped enter PIN+TOKENCODE with no spaces) From this point on PASSCODE: refers to the PIN+TOKENCODE combination. Either 8+8 or 8+6 characters depending on software/hardware token type.

 

If you are prompted for a Next Tokencode during login you will need to wait till your number rolls to the next one and enter it.

 

1.Enter PASSCODE: Wait for the tokencode to change, then enter the new tokencode : Each Tokencode can only be attempted to be used once and won't work a second time even if you mistype your PIN.

 

  • Now It works. We had to languages configured (spanish and english) but the default was Spanish. It looks as is messages are not translated. Even in spanish the system expects Y/N answer instead of S/N (Si/N in spanish). Thank you very much.

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus

    You configure the language supported by APM in the policy. And have one as the default. Which language is used, is set by the language setting on the browser.

     

    You say you don't get a message asking if you want to set the pin? Does the auth actually work? What is logged at the securID server for the authentication involved? What happens after the auth?

     

    H

     

  • Thank you The message does not appear so we have not even tried to use numeric or alphanumeric pin codes. Where do you configure the language?

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus

    Yes it works for us (in English). There is a bug if you are usng a different language. Eg French. We also just use numerical pin codes. Not alpha

     

    H