000029749 - Interoperability between RSA Windows Authentication Agent and RSA Web Authentication Agent for IIS

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029749
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent
RSA Version/Condition: 7.2
Platform: Microsoft Windows, Web for IIS
Issue

In order to communicate with RSA Authentication Manager, the RSA Authentication API requires configuration files and a node secret. The Authentication Agent for Windows and the Authentication Agent for Web store these files in different locations. For both Agents to communicate with Authentication Manager, these files must always be the same in both locations.



The configuration files and node secret are stored in the following locations:
• Authentication Agent for Windows installations: <<Program Files>>\Common Files\RSA Shared\Auth Data
• Authentication Agent for Web installations: <<Windows>>\System 32

Resolution

To install Authentication Agent for Windows and Authentication Agent for Web for interoperability:



1. Install the Authentication Agent for Web and perform a test authentication as described in the RSA Authentication Agent
for Web for IIS Installation and Configuration Guide.



2. Install the Authentication Agent for Windows as described in the RSA Authentication Agent for Microsoft Windows
Installation and Administration Guide.


Important: Do not attempt a test authentication using the Authentication Agent for Windows until you complete the
following step.


3. Open a command prompt and then use the XCOPY command with the /O option to copy the node secret from
<<Windows>>\System32 to <<Program Files>>\Common Files\RSA Shared\Auth Data. The /O option specifies that
ownership and Access Control List (ACL) information should also be copied, as shown in the following example:
XCOPY C:\Windows\System32\securid “C:\Program Files\Common Files\RSA Shared\Auth Data\” /O


Important: Do not use the COPY command or Windows Explorer to copy the node secret file. Due to the sensitivity of
the node secret, you must also copy ownership and ACL information.



4. Perform a test authentication of the Authentication Agent for Windows as described in the RSA Authentication Agent for
Microsoft Windows Installation and Administration Guide.

NotesThe format of the node secret has recently been changed. The Authentication Agent for Windows expects the node secret to be in the new format. For interoperability, the version of the Authentication Agent for Web that you install must also use the new format. RSA Authentication Agent for Web 7.1 uses the new node secret format. If you are installing an earlier version of the Authentication Agent for Web, contact RSA Customer Support (www.emc.com/support/rsa/index.htm) to obtain the appropriate patch to support the new node secret format.

Attachments

    Outcomes