|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: RSA Authentication Agent API for Java
RSA Version/Condition: 8.x
Platform: Microsoft Windows
|Issue||Sample code for the RSA Authentication Agent API for Java successfully authenticates and then fails authentication. Unexpected results occur where a fixed passcode is used to authenticate a test account called 'rsatest':|
This article assumes that RSA Authentication Manager software has already been deployed as a primary instance, with or without replica instances in a deployment and that RSA Authentication Agent API for Java sample code has been compiled and ready to use.
|IPv4 subnet mask||255.255.255.0||255.255.255.0|
|IPv4 default gateway||192.168.254.1||192.168.2.1|
- Set up the local host file on each of the Authentication Manager instance in the deployment. From the Operations Console,
- Navigate to Administration > Network > Hosts File > Add New.
- Add hosts entry for the Microsoft Windows platform eth0 IP address and associated hostname.
- Add hosts entry for the Microsoft Windows platform eth1 IP address and associated hostname.
- Add all of the Authentication Manager instance IP addresses and hostnames.
- Using the Security Console on the primary instance, add the eth1 IP addresses as Alternative IP Addresses for the Authentication Manager instance(s). Navigate to Setup > System Settings. Under Advanced Settings > Alternative Instance IP Addresses, enter the eth1 IP address in the Alternative IP Address field, as shown here:
- Perform an automatic rebalance using the Security Console on the primary instance (Access > Authentication Agents > Authentication Manager Contact List > Automatic Rebalance. Click Rebalance). The primary and replica (or replicas) will appear in the Authentication Manager Contact Lists. For example:
- Generate a configuration record (Access > Authentication Agents > Generate Configuration File. Click Generate Config File then click the Download Now button. Copy the AM_Config.zip file on the Microsoft platform hosting the RSA Authentication Agent API for Java software.
- Update (or add) the Authentication Agent in the Security Console (Access > Authentication Agents > Manage Existing (or Add New). Enter the host name of the agent, enter the IP address from eth0 of the agent and enter the eth1 IP address into Alternative IP Address.
- For this example the RSA Authentication Agent API for Java has been unpacked into the C:\RSA\JavaAPI folder on the supported Microsoft platform. The example code is therefore found in the C:\RSA\JavaAPI\examples\sample folder along with the rsa_api.properties, the configuration record (sdconf.rec) and sdopts.rec.
- To use eth0: RSA_AGENT_HOST=192.168.254.120
- To use eth1: RSA_AGENT_HOST=192.168.2.120
RSA_AGENT_HOST is an override host IP address parameter.
SDCONF_LOC is the location of sdconf.rec and SDOPTS_LOC is the location of sdopts.rec.
The sdopts.rec file is a text file that an administrator will manually create for an RSA Authentication Agent for manual load balancing. The sdopts.rec file is not generated by Authentication Manager or the agent.