XYPRO XYGATE UA2.25 - Authentication Agent Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on Oct 2, 2019. Last modified by RSA Information Design and Development on Oct 2, 2019.
Version 2

This section describes how to integrate RSA SecurID Access with XYPRO XYGATE UA as an authentication agent.

Architecture Diagram

Configure RSA Authentication Manager

To configure your RSA Authentication Manager for use with an authentication agent, you must create an agent host record in the Security Console of your Authentication Manager and download its configuration file (sdconf.rec).

Agent host record configuration differs slightly depending on whether you are using a UDP-based agent (using 8.1.x or earlier RSA Agent API) or TCP-based agent (using 8.5 or newer RSA Agent API).

If UDP-based agent:

  • Hostname: Configure the agent host record name to match the hostname of the agent.
  • IP Address: Configure the agent host record to match the IP address of the agent.

Note:  Authentication Manager must be able to resolve the IP address from the hostname.

If TCP-based agent:

  • Hostname: Configure the agent host record name to match the agent name as specified in the agent's configuration. It does not have to match the hostname of the authentication agent.
  • IP Address: Leave blank. Any input to this field will be disregarded.
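
A pre-flight check for the two agent host record variants above, as an added example (not RSA or XYPRO code). It assumes it runs on a host that uses the same name resolution as Authentication Manager and handles IPv4 only; all function and parameter names are hypothetical.

```python
import ipaddress
import socket

def resolve_ipv4(hostname):
    """IPv4 addresses the local resolver returns for hostname (empty set if none)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(hostname, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def check_agent_host_record(transport, record_name, record_ip="",
                            agent_hostname="", agent_name="", resolver=resolve_ipv4):
    """Return a list of problems with a planned agent host record (empty list = consistent)."""
    problems = []
    if transport == "udp":
        # Hostnames compare case-insensitively (DNS semantics).
        if record_name.lower() != agent_hostname.lower():
            problems.append("record name does not match the agent's hostname")
        try:
            ip = str(ipaddress.ip_address(record_ip or ""))
        except ValueError:
            problems.append("record IP address is missing or malformed")
            return problems
        resolved = resolver(record_name)
        if not resolved:
            problems.append("hostname does not resolve")
        elif ip not in resolved:
            problems.append(f"hostname resolves to {sorted(resolved)}, not {ip}")
    elif transport == "tcp":
        # Assumption: the agent name is compared exactly as typed.
        if record_name != agent_name:
            problems.append("record name does not match the agent name in the agent's configuration")
        if record_ip:
            problems.append("IP address is disregarded for TCP-based agents; leave it blank")
    else:
        problems.append("transport must be 'udp' or 'tcp'")
    return problems

if __name__ == "__main__":
    # Constructed sample records; names and addresses are placeholders.
    print(check_agent_host_record("udp", "nonstop1.example.com", "192.0.2.10",
                                  agent_hostname="nonstop1.example.com"))
    print(check_agent_host_record("tcp", "XUA-AGENT", "192.0.2.10", agent_name="XUA-AGENT"))
```
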

 

Configure XYPRO XYGATE UA

Perform these steps to configure XYPRO XYGATE UA as an authentication API client to RSA Authentication Manager.

Procedure

1. Download the sdconf.rec file from the RSA Authentication Manager Security Console and copy it to the /rsa directory in XUA.

2. Sign in to NonStop as the XUA admin, and run the XUA_RSA_INSTALL macro to configure the RSA interface.  You will be asked a series of questions about configuring XUA to interface with the RSA service.

    > RUN XUA
    > XUA_RSA_INSTALL

Note:  Responses to the RSA install macro will be recorded into the UACONF file as keywords using the values you enter at the prompts.  These values can be modified in the UACONF only after the macro run is completed.

Do you want to configure the RSA interface <Y>?

3. Enter Y to configure the service.

What is the TCP/IP process name <$ZTCP2>?

4. Enter your TCP/IP process name.

How many seconds should XUA wait for a RSA response before timeout occurs<30>?

5. Enter 30.

Do you want to use RSA authentication for all NonStop users <No>?

6. Answer according to your need.

Do you want to require a password in addition to the SecurID token for all NonStop users <NO>?

7. Answer according to your need.

Is your RSA server configured as a web service <N>?

8. Enter N.

Do you want to configure the RSA interface now <Y>?

9. Enter Y.

 

Configuration is complete.

Note:  Authenticating with the RSA SecurID Access requires the UAACL rule, UAGROUP, which maps NonStop user accounts to RSA user accounts and invokes RSA processing by XUA. Refer to XYGATE User Authentication Reference Manual for more information.

 

SecurID Agent Integration Details

                         
  • RSA Authentication Agent API: 5.1
  • RSA SecurID User Specification: All Users
  • Display RSA Server Info: No
  • Perform Test Authentication: Yes
  • Agent Tracing: Yes

Agent files and their locations:

  • sdconf.rec: /rsa
  • sdopts.rec: /rsa
  • Node secret: /rsa
  • sdstatus.12 / jastatus.12: /rsa

 

Agent Tracing:

Enter the following from NonStop terminal as an administrator or as the installation owner:

 

    > XUA_EXECUTE_RSA_PROXY TRACE

 

User Experience

User-defined new PIN:

System-generated new PIN

Next tokencode
