XYPRO XYGATE UA 2.25 - SecurID Authentication API with CAS Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Oct 2, 2019Last modified by RSA Information Design and Development Employee on Oct 2, 2019
Version 2Show Document
  • View in full screen mode

This section describes how to integrate XYPRO XYGATE UA with RSA Cloud Authentication Service using SecurID Authentication API.

Architecture Diagram

Configure RSA Cloud Authentication Service

To configure the integration with RSA Cloud Authentication Service, you must first collect the Authentication API key and Authentication Service Domain for your RSA SecurID Access tenant.

Sign into the Cloud Administration Console and browse to My Account > Company Settings > Authentication API Keys and copy the Description and Key.

Browse to Platform > Identity Routers > Edit > Registration and copy the Authentication Service Domain.



Perform these steps to configure XYPRO XYGATE UA as an authentication API client to RSA Cloud Authentication Service.


1. Sign into NonStop as the XUA admin, and run XUA_RSA_INSTALL macro to configure the RSA interface.  You will be asked a series of questions about configuring XUA to interface with the RSA service.

    > RUN XUA

Note:  Responses to the RSA install macro will be recorded into the UACONF file as keywords using the values you enter at the prompts.  These values can be modified in the UACONF only after the macro run is completed.

Do you want to configure the RSA interface <Y>?

2. Enter Y to configure the service.

What is the TCP/IP process name <$ZTCP2>?

3. Enter your TCP/IP process name.

How many seconds should XUA wait for a RSA response before timeout occurs<30>?

4. Enter 30.

Do you want to use RSA authentication for all NonStop users <No>?

5. Answer according to your need.

Do you want to require a password in addition to the SecurID token for all NonStop users <NO>?

6. Answer according to your need.

Is your RSA server configured as a web service <N>?

7. Enter Y.

RSA Hostname?

8. Enter your RSA Authentication Service Domain as indicated in RSA Cloud Administration Console.

Example: rsa-demo.auth.securid.com

RSA access key?

9. Enter the Authentication API Key from the RSA Cloud Administration Console.

Enter unqualified CACERT filename?

10. Enter the name of a nonexistent file.

Example: RSACERT

Note:  This value is not required because the certificate on RSA Cloud Authentication Service is already trusted.

RSA access ID?

11. Enter the RSA access ID

Note:  This value is not used by RSA SecurID Access.  XYPRO recommends to specify the email address of the person who configures this integration.

RSA Language?

12. Enter the language code.

Example: en_US

RSA Port <5555>?

13. Enter 443.

RSA Path?

14. Enter /mfa/v1_1

RSA Security key type <KEY>?

15. Enter KEY

RSA Agent name?

16. Enter the name you wish to be displayed in the RSA Authenticate App's push notifications.  Example notification: "Sign in request for: XUA"

RSA auth policy ID?

17. Enter the name of the access policy (as configured in RSA Cloud Administration Console) that XUA will use to authenticate users.

RSA Attempt timeout (seconds)?

18. Enter 120. Increase this value if user authentications timeout before they can be completed.

Java install path </usr/tandem/nssjava/jdk180_h80>?

19. Enter the Java install path.

Do you want to configure the RSA interface now <Y>?

20. Enter Y.


Configuration is complete.

Note:  Authenticating with the RSA SecurID Access requires the UAACL rule, UAGROUP, which maps NonStop user accounts to RSA user accounts and invokes RSA processing by XUA. Refer to XYGATE User Authentication Reference Manual for more information.


User Experience

Authentication method selection menu

Return to the main page for more certification related information.