Article Content
Article Number | 000034091 | ||||||||||
Applies To | RSA Product Set : SecurID RSA Product/Service Type : RSA Authentication Manager RSA Version/Condition: 8.1 or later | ||||||||||
Issue | There is a requirement to use SecurID two-factor authentication on the Vormetric Data Security Manager (DSM) administrative web console. The real-time authentication activity monitor is reporting "Authentication Method Failed" when performing a SecurID authentication with correct credentials on the Vormetric administrative web console . | ||||||||||
Resolution | RSA has a certification program to assure customers on leading products and their interoperability with RSA products. Customers can search the EMC Technology Partner Program called RSA Ready to look at what third-party products have gone through certification. RSA has posted a Vormetric Data Security Manager(DSM) integration guide, however this is in reference to RSA Authentication Manager 7.1 and Vormetric Data Security Manager 5. The Vormetric Data Security Manager 5.x uses the RSA Authentication Agent 8.1 API/SDK for Java and the SecurID configuration files are located in the /opt/vormetric/coreguard/server/config/rsa directory. File permissions of the files found in the /opt/vormetric/coreguard/server/config/rsa directory are as follows: -rw-r--r-- 1 voradmin db2grp1 nnn mmm dd hh:mm rsa_api.properties where, nnn refers to the file size mmm represents the month e.g. Sep dd represents the day hh:mm represents the time in hours and minutes Vormetric Technical Support has a procedure to generate a one time dynamic root password to access the operating system hosting the Vormetric DSM which allows an administrator to update the /opt/vormetric/coreguard/server/config/rsa/rsa_api.properties file so an additional configuration file called sdopts.rec that is used by Authentication Manager can be used. Vormetric Technical Support can also be contacted for information on how to use the CLI commands to manage the node secret (securid) file; for those times where a node secret mismatch occurs. Contents of the default /opt/vormetric/coreguard/server/config/rsa/rsa_api.properties file: SDNDSCRT_TYPE=FILE where, n.n.n.n is the IP address of the Vormetric DSM (e. g., the IP address of eth0). An administrator with the root access can update the /opt/vormetric/coreguard/server/config/rsa/rsa_api.properties file to use an sdopts.rec file (highlighted below in the SDOPTS_LOC line). SDNDSCRT_TYPE=FILE where, the contents of the /opt/vormetric/coreguard/server/config/rsa/sdopts.rec file is: CLIENT_IP=n.n.n.n where, n.n.n.n is the IP address of the Vormetric DSM (e.g., the IP address of eth0) and matches the IP address used in the authentication agent record that was created in the Security Console. A restart of the Vormetric Data Security Manager is required to read the updated /opt/vormetric/coreguard/server/config/rsa/rsa_api.properties file and make use of the sdopts.rec. | ||||||||||
Notes | Table showing the SecurID configuration files used by an authentication agent
|