Ping Identity PingFederate 9.3 - SecurID Authentication API with AM Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Jan 27, 2020
Version 1

This section describes how to integrate Ping Identity PingFederate with RSA Authentication Manager using the SecurID Authentication API.

Architecture Diagram

Configure RSA Authentication Manager

To configure the integration with RSA Authentication Manager, you must enable the REST Service and then create an authentication agent.

Sign in to the Security Console and browse to Setup > System Settings > REST Service. Mark the check-box to enable REST Service and make note of the Agent Credentials, which will be needed during configuration of the agent.

Browse to Access > Authentication Agents and click Add New. Enter the name of your authentication agent in the Hostname field and click Save.

 

Configure Ping Identity PingFederate

Perform these steps to configure Ping Identity PingFederate as an authentication API client to RSA Authentication Manager.

Procedure

1. Download the PingFederate RSA SecurID Integration Kit pf-securid-integration-kit-3.*.zip from Ping Identity’s website (https://www.pingidentity.com/en/resources/downloads/pingfederate.html). Unzip to access the file contents.

2. Stop the PingFederate server.

3. Copy dist/pf-securid-authn-adapter-3.*.jar from the integration kit downloaded in Step 1 to <PF-Install>/server/default/deploy/.

4. Copy all the files from dist/template/ in the integration kit downloaded in Step 1 to <PF-Install>/server/default/conf/template/.

5. Restart the PingFederate server and log in to the Administrator Console. Make sure the Identity Provider role has been enabled for this PingFederate server.

6. Click Identity Provider > Adapters to reach the Manage IdP Adapter Instances page.

7. On the Manage IdP Adapter Instances page, click Create New Instance.

8. On the Create Adapter Instance page, fill in the Instance Name and Instance ID. For Type, choose SecurID Authentication Adapter 3.X. Click Next.

9. In the IdP Adapter tab, configure the required fields as follows:

  1. If the deployment contains RSA Authentication Manager Replica servers, add the replica details under Failover Servers.
  2. RSA Authentication Agent: The name of the agent as configured in the Configure RSA Authentication Manager section.
  3. RSA Base API URL: https://<AM-Primary-FQDN>:5555/mfa/v1_1, where AM-Primary-FQDN is the fully qualified domain name of the RSA Authentication Manager Primary instance.
  4. RSA Access ID: The access ID obtained from the Agent Credentials in the Configure RSA Authentication Manager section.
  5. RSA Access Key: The access key obtained from the Agent Credentials in the Configure RSA Authentication Manager section.

Then click Next.

10. On the Actions page, click Next.

11. On the Extended Contract page, click Next.

12. On the Adapter Attributes page, check the Pseudonym check-box and click Next.

13. On the Adapter Contract Mapping page, click Next.

14. On the Summary page, click Done.

15. On the Manage IdP Adapter Instances page, click Save.

 

This completes the SecurID adapter configuration process. You may now configure or modify your SP connection(s) to use the SecurID adapter instance. See the PingFederate Administrator’s Manual for further details - https://documentation.pingidentity.com/pingfederate/pf93/index.shtml#adminGuide/administratorsManual.html.
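
Steps 3 and 4 of the procedure can be scripted as below. This is an added example, not part of the RSA or Ping Identity material; the function name deploy_securid_kit is hypothetical, and it assumes a POSIX shell on the PingFederate host with the server already stopped (Step 2). It refuses to copy unless exactly one adapter JAR matches and confirms that every deployed file is byte-identical to the kit's copy.

```shell
#!/bin/sh
# Added example (not vendor code): Steps 3 and 4, with pre-checks and
# post-copy verification. Run only while PingFederate is stopped.

# deploy_securid_kit <unzipped-kit-dir> <PF-Install>
deploy_securid_kit() {
  kit=$1
  pf=$2
  deploy="$pf/server/default/deploy"
  conf="$pf/server/default/conf/template"

  # Both target directories must already exist in a PingFederate install.
  [ -d "$deploy" ] && [ -d "$conf" ] || {
    echo "not a PingFederate install: $pf" >&2; return 2; }

  # Step 3: the glob must match exactly one JAR, so a missing or a second
  # adapter JAR in the kit directory is caught before anything is copied.
  set -- "$kit"/dist/pf-securid-authn-adapter-3.*.jar
  [ "$#" -eq 1 ] && [ -f "$1" ] || {
    echo "expected exactly one adapter JAR in $kit/dist" >&2; return 3; }
  jar=$1
  cp -- "$jar" "$deploy/" && cmp -s "$jar" "$deploy/$(basename "$jar")" || {
    echo "adapter JAR copy failed verification" >&2; return 4; }

  # Step 4: copy everything under dist/template/, then compare each file.
  [ -d "$kit/dist/template" ] || {
    echo "missing $kit/dist/template" >&2; return 5; }
  cp -R -- "$kit/dist/template/." "$conf/" || return 5
  ( cd "$kit/dist/template" && find . -type f ) | while IFS= read -r rel; do
    cmp -s "$kit/dist/template/$rel" "$conf/$rel" || exit 1
  done || { echo "template copy failed verification" >&2; return 5; }

  echo "deployed $(basename "$jar") and templates to $pf"
}

# Run directly as: sh deploy.sh <unzipped-kit-dir> <PF-Install>
if [ "$#" -eq 2 ]; then
  deploy_securid_kit "$1" "$2"
fi
```

A non-zero return code identifies which check failed (2 install path, 3 JAR match, 4 JAR copy, 5 templates), so the server should not be restarted (Step 5) until the function returns 0.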

 
