Forum Discussion

Jacob_Klein's avatar
Jacob_Klein
Icon for Nimbostratus rankNimbostratus
8 years ago

SecurID Authentication Failing on APM 12.1.2

I am having issues with SecurID authentication on a POC APM deployment.   My first authentication attempt succeeds but any attempt after that fail with the following error.   [root@AKOHDCPOCLTM...
BIG-IP Access Policy Manager (APM)
rsa
securid
security
MvdG's avatar
MvdG
Icon for Cirrus rankCirrus
8 years ago

Jacob,

 

What is the RSA Authentication Report (logs) telling you?

 

Do you have a Primary and Replica RSA server? When you delete the sdstatus.12 file, the BIG-IP is performing the first authentication to the Primary RSA server. Once authentication is successfull, the node secret is exchanged and the sdstatus.12 file is updated telling the BIG-IP there is a Replica in the network.

 

This RSA setup is active/active meaning both RSA servers are accepting authentication request. The difference is, the Replica has a read-only database.

 

Could it be there is a firewall between BIG-IP and RSA and the firewall is not configured to allow SecurID traffic to the Replica RSA server?

 

Regards, Martijn.