This section describes how to integrate XYPRO XYGATE UA with RSA Authentication Manager using SecurID Authentication API.
Configure RSA Authentication Manager
To configure the integration with RSA Authentication Manager, you must enable the REST Service and then create an authentication agent.
Sign into the Security Console and browse to Setup > System Settings > REST Service, mark the checkbox to enable REST Service and make note of the Agent Credentials. The Agent Credentials will be needed during configuration of the agent.
Browse to Access > Authentication Agents and click Add New. Enter the name of your authentication agent in the Hostname field and click Save.
Configure XYPRO XYGATE UA
Perform these steps to configure XYPRO XYGATE UA as an authentication API client to RSA Authentication Manager.
1. Sign into NonStop as the XUA admin, and run XUA_RSA_INSTALL macro to configure the RSA interface. You will be asked a series of questions about configuring XUA to interface with the RSA service.
> RUN XUA
Note: Responses to the RSA install macro will be recorded into the UACONF file as keywords using the values you enter at the prompts. These values can be modified in the UACONF only after the macro run is completed.
Do you want to configure the RSA interface <Y>?
2. Enter Y to configure the service.
What is the TCP/IP process name <$ZTCP2>?
3. Enter your TCP/IP process name.
How many seconds should XUA wait for a RSA response before timeout occurs<30>?
4. Enter 30.
Do you want to use RSA authentication for all NonStop users <No>?
5. Answer according to your need.
Do you want to require a password in addition to the SecurID token for all NonStop users <NO>?
6. Answer according to your need.
Is your RSA server configured as a web service <N>?
7. Enter Y.
8. Enter the hostname or IP address of the RSA Authentication Manager you wish to authenticate with.
Note: An external high availability mechanism is required in order to use RSA Authentication Manager replica servers.
RSA access key?
9. Enter the Access Key from the RSA Authentication Manager Security Console.
Enter unqualified CACERT filename?
10. Enter the CACERT filename that will be used to validate the server certificate.
RSA access ID?
Note: This value is not used by RSA SecurID Access. XYPRO recommends to specify the email address of the person who configures this integration.
12. Enter the language code.
RSA Port <5555>?
13. Enter the port that RSA Authentication Manager REST API is listening on. 5555 is the default value.
14. Enter /mfa/v1_1
RSA Security key type <KEY>?
15. Enter KEY
RSA Agent name?
16. Enter the RSA agent name to match as configured in the RSA Authentication Manager security console.
RSA auth policy ID?
17. Leave blank. Any input will not be used.
RSA Attempt timeout (seconds)?
18. Enter 40.
Java install path </usr/tandem/nssjava/jdk180_h80>?
19. Enter the Java install path.
Do you want to configure the RSA interface now <Y>?
20. Enter Y.
Configuration is complete.
Note: Authenticating with the RSA SecurID Access requires the UAACL rule, UAGROUP, which maps NonStop user accounts to RSA user accounts and invokes RSA processing by XUA. Refer to XYGATE User Authentication Reference Manual for more information.
User defined new PIN
System-generated New PIN (AM):
Return to the main page for more certification related information.