000038964 - Configure password and security questions chained login for RSA Authentication Manager Prime Kit Self-Service Portal (SSP)

Document created by RSA Customer Support Employee on Jun 11, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038964
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager Prime Kit
IssueThis article explains how to implement chain login for users when trying to access the RSA Authentication Manager Prime Kit Self-Service Portal (SSP).

In this instance, chain login means that users are asked for their Active Directory password followed by their Security Questions answers to be logged into SSP. 
Tasks
  • Confirm that the Chain Login bean is configured.
  • Enable the Chain Login bean for Home Page.
  • Disable any old Active Directory bean for the home page.
ResolutionTo achieve this result, 
  1. Go to the file <Prime_installation_directory>/configs/ssp/config.
  2. Open authentication.xml in a text editor.
  3. Look for the following snippet in the file and ensure that it is not commented out:

    <bean id="chainADplusSQ" class="com.rsa.pso.services.ChainAuthenticatorService">
          <property name="serviceName" value="ChainAuthenticator" />
          <property name="authenticationServiceHelper" ref="authServiceHelper" />
          <property name="authenticators">
               <!--There should be exactly two authenticators.
               Portal will throw exception if the authenticator count is
               not equal to two(2)-->
                    <list>
                        <ref bean="adAuthenticationService"/>
                        <ref bean="questionAuthenticationService"/>
                    </list>
          </property>
    </bean>

  4. Look for the following snippet in the file:

    <util:list id="HOME_PAGE">
            <ref bean="adAuthenticationService"/>
            <!-- <ref bean="rbaAuthenticationService"/> -->
            <ref bean="tokenAuthenticationService"/>
            <ref bean="questionAuthenticationService"/>
            <ref bean="mfaAuthenticationService"/>
            <!-- <ref bean="chainADplusSQ"/> -->
    </util:list>

  5. Uncomment the chainADplusSQ bean and comment the adAuthenticationService bean:

    <util:list id="HOME_PAGE">
            <!--<ref bean="adAuthenticationService"/> -->
            <!-- <ref bean="rbaAuthenticationService"/> -->
            <ref bean="tokenAuthenticationService"/>
            <ref bean="questionAuthenticationService"/>
            <ref bean="mfaAuthenticationService"/>
            <ref bean="chainADplusSQ"/>
    </util:list>

  6. Save the changes and exit.
  7. Restart the SSP service for the changes to take effect.
     
Notes
  • The RSA Authentication Manager Prime Kit installation directory differs from one environment to the other. The admin should be aware of the installation directory. However, the subdirectories and file names will not change. 
  • Steps to restart the service differ from one environment to the other. The admin should know how to restart a certain service in their environment.

Attachments

    Outcomes