securID authentication via APM & username/pin/tokencode
Hi, when authenticating against an SecurID server there are 3 things needed: username pin-code token-code there is no documentation around which session variables have to be filled accordingly. there are only 2 session variables mentioned: session.logon.last.username and session.logon.last.password how do I have to fill this 3 pieces of information into those 2 variables ? remember: I do not want to authenticate against 2 different systems like AD AND RSA and send username/password to AD, and username/tokencode to RSA. I want to use RSA SecurID and nothing else. best regards, Florian
SecurID Authentication Failing on APM 12.1.2
I am having issues with SecurID authentication on a POC APM deployment. My first authentication attempt succeeds but any attempt after that fail with the following error. [root@AKOHDCPOCLTM01:Active:In Sync] config /usr/local/bin/securidtest -p "/config/aaa/ace/Common/rsaama01pakr.bfusa.com" -s 10...* -u username -w ********* ERROR: authentication with 'username' failed in doAuth:SD_Check(): authentication failed, code: 1, state: SECURID_AUTH_STATE_ACCESS_DENIED Test done: total tests: 1, success=0, failure=1 Some fields changed for privacy I can get a single authentication test to work by deleting the 'sdstatus.12' file. RSA is not able to tell me why that makes a difference. Any thoughts on this?
APM with SAML SP and AD and RSA authentication
Hi, I have the folowing question. Scenario: Customer has a resource behind APM that they want to provide access to their (1) own users who will use AD authentication and RSA Securid (2) They also want to provide access to partners with the APM configured to use SAML SP to the partners' own IdPs I believe that I know how to configure (1) and (2) separately. The question is how to configure this using the same landing page and same login page. I asssume that the users domain (@domain) would be used to differentiate between the local AD and RSA users and the partners on the one hand and also between the partners I assume that their specific domains could be mapped to the relevant IdPs. I am not sure how to put this together and I assume that the logon page would need three items: username, password and passcode or is there some other way to do this? Any guidance would be greatly appreciated.
RSA SecurID Multiple domain partitions
hello, I have 2 partition domains sharing the same RSA securid aaa. As the 2 partitions are using the same self-ip, the RSA server does not accept the connection from 2 apm instances at the same time, so the authentication is rejected. did you guys experiment such a scenario ? any idea how to get over this issue ? thank you. O.