000021175 - Can RSA SecurID be added to RSA Sign-On Manager Server Administration?

A: Replace the value of the "rsaauthchoices" attribute in the "*System Authentication Policy: Installation Configured" authentication policy.
The value is a base64 encoding of a Java Set object that contains the authentication choices.

Go to the SOM Server LDAP datastore, find OU=rsasom, OU=rsaauthenticationpolicies where you will find three objects called RSAUUID=###################################

Find the object whose Attribute "rsaauthname" = *System Authentication Policy: Installation Configured
(Note: This is typically the last one listed)

The value of rsaauthchoices that contains all three auth methods (password, and securid) is this:

rO0ABXNyABFqYXZhLnV0aWwuSGFzaFNldLpEhZWWuLc0AwAAeHB3DAAAABA/QAAAAAAAAnNxAH4AAHcMAAAAED9AAAAAAAABc3IAOGNvbS5yc2EuY3NmLmRvbWFpbi5hdXRoZW50aWNhdGlvbi5BdXRoZW50aWNhdGlvbk1ldGhvZElEYRmsCOgxYCcCAANMABpsaWNlbnNlRW5mb3JjZW1lbnRNZ3JDbGFzc3QAEUxqYXZhL2xhbmcvQ2xhc3M7TAAVbWV0aG9kQ29uZmlnQ2xhc3NOYW1ldAASTGphdmEvbGFuZy9TdHJpbmc7TAAPbWV0aG9kSW1wbENsYXNzcQB+AAR4cHB0ADhjb20ucnNhLmNzZi5kb21haW4ub2JqZWN0cy5BY2VBdXRoZW50aWNhdGlvbk1ldGhvZENvbmZpZ3ZyAFBjb20ucnNhLmNzZi50ZWNoc2VydmljZS5hdXRoZW50aWNhdGlvbm1ldGhvZHMuYWNlLkFjZUF1dGhlbnRpY2F0aW9uU2VydmljZU1ldGhvZP4B3op/T6cUAgAETAADQVBJdABFTGNvbS9yc2EvY3NmL3RlY2hzZXJ2aWNlL2F1dGhlbnRpY2F0aW9ubWV0aG9kcy9hY2UvYWdlbnQvQWNlQWdlbnRBUEk7TAAFc2RQaW50AENMY29tL3JzYS9jc2YvdGVjaHNlcnZpY2UvYXV0aGVudGljYXRpb25tZXRob2RzL2FjZS9hZ2VudC9QaW5QYXJhbXM7TAAJc2Vzc2lvbklkdABDTGNvbS9yc2EvY3NmL3RlY2hzZXJ2aWNlL2F1dGhlbnRpY2F0aW9ubWV0aG9kcy9hY2UvYWdlbnQvSW50SG9sZGVyO0wABnVzZXJJZHEAfgAFeHIAVGNvbS5yc2EuY3NmLnRlY2hzZXJ2aWNlLmF1dGhlbnRpY2F0aW9ubWV0aG9kcy5jb21tb24uQXV0aGVudGljYXRpb25TZXJ2aWNlTWV0aG9kQmFzZVMhDrgM/s4gAgACWgAIaXNDbG9zZWRaAA1pc0luaXRpYWxpemVkeHB4c3EAfgAAdwwAAAAQP0AAAAAAAAFzcQB+AANwdAA9Y29tLnJzYS5jc2YuZG9tYWluLm9iamVjdHMuUGFzc3dvcmRBdXRoZW50aWNhdGlvbk1ldGhvZENvbmZpZ3ZyAFpjb20ucnNhLmNzZi50ZWNoc2VydmljZS5hdXRoZW50aWNhdGlvbm1ldGhvZHMucGFzc3dvcmQuUGFzc3dvcmRBdXRoZW50aWNhdGlvblNlcnZpY2VNZXRob2QkaBbZ0Gp+rgIAAHhxAH4ADHh4

The value of rsaauthchoices that contains all three auth methods (password, securid, and x509) is this:

rO0ABXNyABFqYXZhLnV0aWwuSGFzaFNldLpEhZWWuLc0AwAAeHB3DAAAABA/QAAAAAAAAXNxAH4AAHcMAAAAED9AAAAAAAABc3IAOGNvbS5yc2EuY3NmLmRvbWFpbi5hdXRoZW50aWNhdGlvbi5BdXRoZW50aWNhdGlvbk1ldGhvZElEYRmsCOgxYCcCAANMABpsaWNlbnNlRW5mb3JjZW1lbnRNZ3JDbGFzc3QAEUxqYXZhL2xhbmcvQ2xhc3M7TAAVbWV0aG9kQ29uZmlnQ2xhc3NOYW1ldAASTGphdmEvbGFuZy9TdHJpbmc7TAAPbWV0aG9kSW1wbENsYXNzcQB+AAR4cHB0ADljb20ucnNhLmNzZi5kb21haW4ub2JqZWN0cy5YNTA5QXV0aGVudGljYXRpb25NZXRob2RDb25maWd2cgBSY29tLnJzYS5jc2YudGVjaHNlcnZpY2UuYXV0aGVudGljYXRpb25tZXRob2RzLng1MDkuWDUwOUF1dGhlbnRpY2F0aW9uU2VydmljZU1ldGhvZIm7b9P3zY7PAgADWgAIaXNDbG9zZWRaAA1pc0luaXRpYWxpemVkTAALcHJpbmNpcGFsSWRxAH4ABXhweHg=

<NOTE>You could copy the rsaauthchoices from an installation that has the auth methods you wish to have in your already installed system rather than trying to hand craft this value.</NOTE>

B: There is one attribute ?ace.server.config.file.name?   in $INSTALL_DIR$/properties/csf.property that also needs to be set.

            ace.server.config.file.name=sdconf.rec

C: For SecurID, you need a file called sdconf.rec. That file is exported by the ACE Server, and needs to be copied to the "properties" folder of the server installation.