000019029 - How to configure Shiva Access Manager 5.0 proxy for RSA SecurID authentication

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019029
Applies ToShiva Access Manager 5.0
RSA ACE/Server
Microsoft Windows
IssueHow to configure Shiva Access Manager 5.0 proxy for RSA SecurID authentication
CauseIn versions of Shiva Access Manager prior to 5.0, one could set up a proxy using two different methods. The most commonly used method is to create a template and associate it with a proxy for all users to use. The second method was to define all users internally within Shiva Access Manager and use a "magic password" such as 'NT' for Windows* NT* proxy or 'ACE' for SecurID* proxy. This method allowed administrators to set users with different Authorization profiles. In 5.0, the latter method has been replaced and no longer works successfully if upgrading from an earlier version of Shiva Access Manager.
ResolutionIn Shiva Access Manager 5.0, the second method of proxy authentication mentioned above has been replaced using either a Proxy ID or a Realm name. Using the Proxy ID method, you must enclose the old magic password in { } brackets. You must then ensure that you have a Proxy configured that has a Proxy ID that matches the old password.

For example, if your old magic password was 'NT', the new password now becomes '{NT}'. Your Proxy ID must become 'NT'. Note that the user must then use '{NT}' as their password.

Using the Realm method, you must enclose the old magic password with [ ] brackets. You must then ensure that you have a Proxy configured that has a Realm name that matches the old password. For example, if your old magic password was 'NT', the new password now becomes '[NT]'. Your Realm must become 'NT'. Note that the user must then use '[NT]' as their password.
Legacy Article IDa5304

Attachments

    Outcomes