000029749 - Interoperability between RSA Authentication Agent 7.x for Microsoft Windows and RSA Authentication Agent for Web for IIS

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Dec 11, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000029749
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent
RSA Version/Condition: 7.x
Platform: Microsoft Windows, Web for IIS
Issue

In order to communicate with RSA Authentication Manager, the RSA Authentication API requires configuration files and a node secret. The  RSA Authentication Agent for Microsoft Windows and RSA Authentication Agent for Web for IIS store these files in different locations. For both agents to communicate with Authentication Manager, these files must always be the same in both locations.




The configuration files and node secret are stored in the following locations:
• RSA Authentication Agent for Windows installations: <<Program Files>>\Common Files\RSA Shared\Auth Data
• RSA Authentication Agent for Web for IIS installations: <<Windows>>\System 32

Resolution

To install the RSA Authentication Agent 7.x for Microsoft Windows and RSA Authentication Agent for Web for IIS for interoperability:



  1. Install the RSA Authentication Agent for Web for IIS and perform a test authentication as described in the RSA Authentication Agent for Web for IIS Installation and Configuration Guide.
  2. Install the RSA Authentication Agent 7.4 for Windows as described in the RSA Authentication Agent 7.4 for Microsoft Windows Installation and Administration Guide.

Do not attempt a test authentication using the RSA Authentication Agent for Windows until you complete the following step.



  1. Open a command prompt and use the XCOPY command with the /O option to copy the node secret from <<Windows>>\System32 to <<Program Files>>\Common Files\RSA Shared\Auth Data.

The /O option specifies that ownership and Access Control List (ACL) information should also be copied, as shown in the following example:



XCOPY C:\Windows\System32\securid “C:\Program Files\Common Files\RSA Shared\Auth Data\” /O


Do not use the COPY command or Windows Explorer to copy the node secret file. Due to the sensitivity of the node secret, you must also copy ownership and ACL information.



  1. Perform a test authentication of the RSA Authentication Agent for Windows as described in the RSA Authentication Agent for Microsoft Windows Installation and Administration Guide.
NotesThe format of the node secret has recently been changed. The RSA Authentication Agent for Windows expects the node secret to be in the new format. For interoperability, the version of the RSA Authentication Agent for Web that you install must also use the new format. RSA Authentication Agent for Web 7.1 uses the new node secret format.

If you are installing an earlier version of the Authentication Agent for Web, contact RSA Customer Support to obtain the appropriate patch to support the new node secret format.

Attachments

    Outcomes