XYPRO XYGATE UA 2.25 - SecurID Authentication API with AM Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Oct 2, 2019
Last modified by RSA Information Design and Development Employee on Oct 2, 2019
Version 2

This section describes how to integrate XYPRO XYGATE UA with RSA Authentication Manager using the SecurID Authentication API.

Architecture Diagram

Configure RSA Authentication Manager

To configure the integration with RSA Authentication Manager, you must enable the REST Service and then create an authentication agent.

Sign into the Security Console and browse to Setup > System Settings > REST Service. Mark the checkbox to enable the REST Service and make a note of the Agent Credentials, which will be needed during configuration of the agent.

Browse to Access > Authentication Agents and click Add New. Enter the name of your authentication agent in the Hostname field and click Save.

 

Configure XYPRO XYGATE UA

Perform these steps to configure XYPRO XYGATE UA as an authentication API client to RSA Authentication Manager.

Procedure

1. Sign into NonStop as the XUA admin and run the XUA_RSA_INSTALL macro to configure the RSA interface. You will be asked a series of questions about configuring XUA to interface with the RSA service.

    > RUN XUA
    > XUA_RSA_INSTALL

Note: Responses to the RSA install macro are recorded in the UACONF file as keywords, using the values you enter at the prompts. These values can be modified in the UACONF only after the macro run is completed.

Do you want to configure the RSA interface <Y>?

2. Enter Y to configure the service.

What is the TCP/IP process name <$ZTCP2>?

3. Enter your TCP/IP process name.

How many seconds should XUA wait for a RSA response before timeout occurs<30>?

4. Enter 30.

Do you want to use RSA authentication for all NonStop users <No>?

5. Answer according to your need.

Do you want to require a password in addition to the SecurID token for all NonStop users <NO>?

6. Answer according to your need.

Is your RSA server configured as a web service <N>?

7. Enter Y.

RSA Hostname?

8. Enter the hostname or IP address of the RSA Authentication Manager you wish to authenticate with.

Example: rsarest.example.com

Note:  An external high availability mechanism is required in order to use RSA Authentication Manager replica servers.

RSA access key?

9. Enter the Access Key from the RSA Authentication Manager Security Console.

Enter unqualified CACERT filename?

10. Enter the CACERT filename that will be used to validate the server certificate.

Example: RSACERT

RSA access ID?

Note: This value is not used by RSA SecurID Access. XYPRO recommends specifying the email address of the person who configures this integration.

RSA Language?

12. Enter the language code.

Example: en_US

RSA Port <5555>?

13. Enter the port that the RSA Authentication Manager REST API is listening on. 5555 is the default value.

RSA Path?

14. Enter /mfa/v1_1

RSA Security key type <KEY>?

15. Enter KEY

RSA Agent name?

16. Enter the RSA agent name exactly as configured in the RSA Authentication Manager Security Console.

RSA auth policy ID?

17. Leave blank. Any input will not be used.

RSA Attempt timeout (seconds)?

18. Enter 40.

Java install path </usr/tandem/nssjava/jdk180_h80>?

19. Enter the Java install path.

Do you want to configure the RSA interface now <Y>?

20. Enter Y.

 

Configuration is complete.

Note: Authenticating with RSA SecurID Access requires the UAACL rule, UAGROUP, which maps NonStop user accounts to RSA user accounts and invokes RSA processing by XUA. Refer to the XYGATE User Authentication Reference Manual for more information.
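The hostname, port, path and CACERT answers above can be checked from a workstation before the macro is run. The following is an added example, not part of the RSA or XYPRO documentation: it sanity-checks the planned answers, then performs a TLS handshake that trusts only the given CA file and enforces hostname matching. It assumes Python 3 and a PEM copy of the same CA certificate that will be loaded as the CACERT file; all function names are hypothetical.

```python
import socket
import ssl
import sys
import time

def check_answers(host, port, path):
    """Return problems with the planned macro answers; an empty list means OK."""
    problems = []
    if not host or "/" in host or host != host.strip():
        problems.append("RSA Hostname: bare hostname or IP only, no scheme or path")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("RSA Port: must be an integer from 1 to 65535")
    if path != "/mfa/v1_1":
        problems.append("RSA Path: this guide specifies /mfa/v1_1")
    return problems

def rest_base_url(host, port, path):
    """Base URL the agent will call, built from the three answers."""
    return f"https://{host}:{port}{path}"

def days_until_expiry(not_after, now=None):
    """Whole days left on a certificate, given its notAfter string."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def verify_server_cert(host, port, cafile, timeout=30):
    """TLS handshake that trusts only `cafile` and enforces hostname matching.
    Raises ssl.SSLCertVerificationError if the chain or the name does not verify."""
    ctx = ssl.create_default_context(cafile=cafile)  # system CAs are not loaded
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"tls": tls.version(), "not_after": cert["notAfter"],
                    "days_left": days_until_expiry(cert["notAfter"])}

if __name__ == "__main__":
    # Usage (values are placeholders): preflight.py rsarest.example.com 5555 ca.pem
    host, port, cafile = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    issues = check_answers(host, port, "/mfa/v1_1")
    if issues:
        sys.exit("\n".join(issues))
    print(rest_base_url(host, port, "/mfa/v1_1"), verify_server_cert(host, port, cafile))
```

A verification error here means the server certificate does not chain to that CA or does not carry the name entered at the RSA Hostname prompt, so XUA would be expected to reject the connection with the same answers.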

 

User Experience

User defined new PIN

System-generated New PIN (AM):

Next Tokencode

 
