Article Content
Article Number | 000021175 |
Applies To | RSA Sign-On Manager Server; RSA SecurID Authentication; RSA Sign-On Manager administrator authentication to the SOM Manager Interface |
Issue | Can RSA SecurID be added to RSA Sign-On Manager Server Administration? Can RSA SecurID be removed from RSA Sign-On Manager Server Administration if installed? How do you update the sdconf.rec file to point to a different RSA SecurID server for RSA Sign-On Manager Server? |
Resolution | 1) How do you install RSA SecurID authentication after SOM Server is already installed?
It is possible, but it is quite tricky.
A: Replace the value of the "rsaauthchoices" attribute in the "*System Authentication Policy: Installation Configured" authentication policy. Go to the SOM Server LDAP datastore and find OU=rsasom, OU=rsaauthenticationpolicies, where you will find three objects called RSAUUID=###################################. Find the object whose attribute "rsaauthname" = *System Authentication Policy: Installation Configured.
The value of rsaauthchoices that contains the two auth methods (password and securid) is this: [Base64-encoded attribute value not reproduced]
The value of rsaauthchoices that contains all three auth methods (password, securid, and x509) is this: [Base64-encoded attribute value not reproduced]
<NOTE>You could copy the rsaauthchoices from an installation that has the auth methods you wish to have in your already installed system rather than trying to hand craft this value.</NOTE>
B: There is one attribute "ace.server.config.file.name" in $INSTALL_DIR$/properties/csf.property that also needs to be set: ace.server.config.file.name=sdconf.rec
C: For SecurID, you need a file called sdconf.rec. That file is exported by the ACE Server and needs to be copied to the "properties" folder of the server installation.
2) Can SecurID authentication be removed after install?
No, you cannot. It requires an uninstall and re-install.
3) How do you update the sdconf.rec if you want to point to a different SecurID Server?
You can rename the old sdconf.rec located in the folder C:\Program Files\RSA Security\RSA Sign-On Manager\Server\properties and then copy the new sdconf.rec to replace the old one. |
Legacy Article ID | a29384 |
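An added example, not part of the RSA article: before writing an rsaauthchoices value copied from another installation (as the NOTE in step A suggests), this Python script lists which authentication method classes the value names. It assumes the attribute holds a Base64-encoded Java serialization stream and only scans the bytes for length-prefixed class names, never deserializing them; the sample value and its class names are constructed for illustration.

```python
import base64
import re
import struct

JAVA_MAGIC = b"\xac\xed\x00\x05"      # Java serialization stream magic + version
TC_CLASSDESC, TC_STRING = 0x72, 0x74  # tags that precede a length-prefixed name
CLASS_NAME = re.compile(rb"[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)+")

def class_names(b64_value):
    """List dotted class names in the stream; bytes are scanned, never deserialized."""
    raw = base64.b64decode("".join(b64_value.split()), validate=True)
    if not raw.startswith(JAVA_MAGIC):
        raise ValueError("not a Java serialization stream")
    names, i = [], len(JAVA_MAGIC)
    while i + 3 <= len(raw):
        if raw[i] in (TC_CLASSDESC, TC_STRING):
            (n,) = struct.unpack(">H", raw[i + 1:i + 3])
            text = raw[i + 3:i + 3 + n]
            if len(text) == n and CLASS_NAME.fullmatch(text):
                names.append(text.decode("ascii"))
                i += 3 + n
                continue
        i += 1
    return names

def auth_methods(b64_value):
    """Return the set of *AuthenticationMethodConfig class names in the value."""
    return {n for n in class_names(b64_value) if n.endswith("AuthenticationMethodConfig")}

def _utf(tag, name):
    # Helper for the constructed sample: tag byte + 2-byte length + name.
    return bytes([tag]) + struct.pack(">H", len(name)) + name.encode("ascii")

# Constructed, abbreviated sample (not a real attribute value): a HashSet class
# descriptor followed by two method-config class names (assumed naming).
SAMPLE = base64.b64encode(
    JAVA_MAGIC + b"\x73" + _utf(TC_CLASSDESC, "java.util.HashSet") + b"\x00" * 8
    + _utf(TC_STRING, "com.rsa.csf.domain.objects.AceAuthenticationMethodConfig")
    + _utf(TC_STRING, "com.rsa.csf.domain.objects.PasswordAuthenticationMethodConfig")
).decode("ascii")

if __name__ == "__main__":
    for name in sorted(auth_methods(SAMPLE)):
        print(name)
```

Run it against the value exported from the source installation and compare the printed set with the methods you intend to enable before changing the LDAP attribute.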