This section describes how to integrate RSA SecurID Access with IBM Security Access Manager using Risk-Based Authentication.
Architecture Diagram
RSA Authentication Manager
To configure your RSA Authentication Manager for risk-based authentication with IBM Security Access Manager, you must create an agent host record and enable it for risk-based authentication in the RSA Authentication Manager Security Console. You will need to download the sdconf.rec and the risk-based authentication integration script for the appropriate device type to configure the agent. RSA Authentication Manager can integrate risk-based authentication with UDP-based or RADIUS agents only.
The latest risk-based authentication script template is at the following link.
Download this file and copy it to the following directory on your primary RSA Authentication Manager server.
/opt/rsa/am/utils/rba-agents
Refer to the RSA Authentication Manager Administrator's Guide for more information on RBA integration scripts.
Note: The risk-based authentication script shows the IBM Security Access Manager version as 7.x, but it will work with version 9.x also.
IBM Security Access Manager
Perform these steps to configure IBM Security Access Manager for risk-based authentication with RSA Authentication Manager for web reverse proxy.
Before you begin
Complete Authentication Agent Configuration for Web Reverse Proxy.
Procedure
1. Log in to the local management interface of the appliance.
2. Browse to Secure Web Settings > Manage > Reverse Proxy.
3. Select the reverse proxy instance and click Manage > Management root.
4. On the Manage Reverse Proxy Management Root window, browse to Management > C.
5. Double-click the tokenlogin.html file to open it. Create <script> </script> HTML tags after the closing </body> HTML tag, copy the contents of the am_integration.js file into them as shown below, and click Save.
</BODY>
<script type="text/javascript" language="Javascript">
*************Paste contents of am_integration.js here**************************
</script>
<script> window.onload=redirectToIdP(); </script>
</HTML>
6. Click Close.
7. Deploy changes.
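A check that can be run against the saved tokenlogin.html from step 5 before deploying, given here as an added example that is not part of the RSA or IBM documentation. The helper name checkTokenLogin and the sample pages are constructed, and the check assumes am_integration.js defines redirectToIdP as a named function.

```javascript
// Added example: lint an edited tokenlogin.html before "Deploy changes".
// checkTokenLogin is a hypothetical helper, not part of RSA or IBM tooling.
function checkTokenLogin(html) {
  const bodyEnd = html.search(/<\/body\s*>/i);
  const htmlEnd = html.search(/<\/html\s*>/i);
  if (bodyEnd === -1 || htmlEnd === -1 || htmlEnd < bodyEnd) {
    return ["missing or misordered </BODY> and </HTML> tags"];
  }
  const problems = [];
  // Step 5 places both script blocks between </BODY> and </HTML>.
  const tail = html.slice(bodyEnd, htmlEnd);
  const scripts = [...tail.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi)]
    .map((m) => m[1]);
  if (scripts.length < 2) {
    problems.push("expected two <script> blocks after </BODY>");
  }
  // The placeholder line must be replaced by the real file contents.
  if (/Paste contents of am_integration\.js here/i.test(tail)) {
    problems.push("placeholder not replaced with am_integration.js contents");
  }
  // Assumption: am_integration.js declares redirectToIdP as a named function.
  const defRe = /function\s+redirectToIdP\s*\(|redirectToIdP\s*=\s*function/;
  const callRe = /window\.onload\s*=\s*redirectToIdP\s*\(\s*\)/;
  const defIdx = scripts.findIndex((s) => defRe.test(s));
  const callIdx = scripts.findIndex((s) => callRe.test(s));
  if (defIdx === -1) problems.push("redirectToIdP is not defined after </BODY>");
  if (callIdx === -1) problems.push("window.onload=redirectToIdP(); is missing");
  if (defIdx !== -1 && callIdx !== -1 && callIdx < defIdx) {
    problems.push("redirectToIdP is called before the block that defines it");
  }
  return problems;
}

// Constructed sample pages (not real appliance templates).
const PAGE_HEAD = "<HTML><BODY><form></form>";
const PAGE_OK = PAGE_HEAD + `</BODY>
<script type="text/javascript" language="Javascript">
function redirectToIdP() { /* stand-in body */ }
</script>
<script> window.onload=redirectToIdP(); </script>
</HTML>`;
const PAGE_PLACEHOLDER = PAGE_OK.replace(/function redirectToIdP.*/,
  "*****Paste contents of am_integration.js here*****");

console.log(checkTokenLogin(PAGE_OK));
console.log(checkTokenLogin(PAGE_PLACEHOLDER));
```

An empty result means the template matches the layout shown in step 5; each returned string names one deviation to fix before deploying.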
Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the Risk-Based Authentication configuration to your use case.