000015394 - How to configure SecurId authentication on DPM?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015394
Applies ToRSA Data Protection Manager appliance 3.5
 
IssueHow to configure SecurId authentication on the DPM appliance?
SecurId authentication on the appliance
Two factor authentication on the appliance
Resolution

- Add the DPM appliance host as an authentication agent to the SecurID Authentication Manager server/appliance.
- Copy the file sdconf.rec from your Authentication Manager server to /opt/axm/server-61/conf/ 
- Execute the following commands



cp -R /opt/rsa-axm/agent/htdocs /opt/tomcat/webapps/cleartrust
sed -i.`date '+%Y%m%d%H%M'` -e '/JkMount \/admingui/s/$/\nJkMount \/cleartrust\* ajp13/' /etc/httpd/conf.d/ssl.conf
sed -i.`date '+%Y%m%d%H%M'` -e '/JkMount \/admingui/s/$/\nJkMount \/cleartrust\* ajp13/' /etc/httpd/conf.d/jk.conf
sed -i 's/^cleartrust\.agent\.auth_resource_list=\/\*=BASIC/cleartrust\.agent\.auth_resource_list=\/\*=BASIC\+SECURID/' /opt/rsa-axm/agent/webservers/apache/conf/webagent.conf


Copy the file sdconf.rec in /opt/axm/server-61/conf/



service ctrust restart
service httpd restart


chmod 777 /opt/axm/server-61/conf/



Do a test authentication, the node secret will be created as /opt/axm/server-61/conf/securid


Then change back the folder permissions



chmod 755 /opt/axm/server-61/conf/
 



You should now be prompted to enter a SecurID user/token after the regular ClearTrust login. 


If you just want SecurID authentication,  use the following sed command instead:



sed -i 's/^cleartrust\.agent\.auth_resource_list=\/\*=BASIC/cleartrust\.agent\.auth_resource_list=\/\*=SECURID/' /opt/rsa-axm/agent/webservers/apache/conf/webagent.conf



If you want BASIC *or* SECURID,  use the following sed command instead:



sed -i 's/^cleartrust\.agent\.auth_resource_list=\/\*=BASIC/cleartrust\.agent\.auth_resource_list=\/\*=BASIC\:SECURID/' /opt/rsa-axm/agent/webservers/apache/conf/webagent.conf


Legacy Article IDa52794

Attachments

    Outcomes