000031701 - Configuring a RADIUS client and RSA authentication agent for Bomgar 9.3

Document created by RSA Customer Support Employee on Feb 20, 2017
Last modified by RSA Customer Support Employee on Apr 14, 2017
Version 3

Article Content

Article Number: 000031701
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 SP1
 
Issue: This article explains how to integrate RSA Authentication Manager 8.1 with Bomgar 9.3.
Resolution: The information below is useful when integrating RSA Authentication Manager 8.1 with Bomgar 9.3.

RSA Ready Certification Program


RSA has a certification program that assures customers of the interoperability of leading products with RSA products. Go to the RSA Ready Community and search for the specific vendor name to see what has gone through the certification program. If the product you search for does not display a result, then RSA has not certified that product with any RSA product.
 

Bomgar 9.3 Press Release


Bomgar provided the following press release, which talks about the multifactor authentication in v9.3 where RADIUS is used to direct authentications at an RSA Authentication Manager deployment (RSA RADIUS would receive the RADIUS authentication request).
 

Bomgar 9.3 Configuration


Please refer to Bomgar documentation for information on configuring the Bomgar product to send authentications to a RADIUS server.


Configuring RADIUS Clients in RSA Authentication Manager 8.1 


RSA Authentication Manager software actively listens on port 5500 UDP for native SecurID authentication and, where RADIUS is configured, on port 1645 UDP and 1812 UDP for RADIUS authentication. What this means is the primary and any configured replica instances are always active for processing any incoming native SecurID or RADIUS authentications.
 
Where RADIUS is used to send the authentication to RSA Authentication Manager 8.1, a RADIUS client and an associated RSA Agent must be created in the Security Console for the software or device sending the RADIUS authentication.
 
NOTE: The RADIUS client name and the Authentication Agent hostname should be a fully-qualified hostname (or short name), and the two must match. Do NOT use an IP address for the RADIUS client name or Agent hostname.
 
The example here is for a test RADIUS client and authentication agent called LENOVO.

Configuring the RADIUS client


To add a new RADIUS client, log in to the Security Console and select RADIUS > RADIUS Client > Add New.

Adding an RSA Authentication Agent


When saving the RADIUS client, click the button to Save and Create Associated RSA Authentication Agent.






Enabling and Disabling RSA RADIUS Debug


  1. Log in to the Operations Console.
  2. Select Deployment Configuration > RADIUS Server.
  3. Click on the primary and select Manage Server Files.
  4. Click the arrow next to radius.ini and select Edit.
  5. Note the following three lines, as they would show in a newly installed deployment of Authentication Manager:

     ;[Configuration]
     ;LogLevel                        = 0
     ;TraceLevel                      = 0

  6. Change only these lines to uncomment the stanza title and to set the logging and tracing levels:

     [Configuration]
     LogLevel                        = 2
     TraceLevel                      = 2

  7. Click Save & Restart RADIUS Server for the changes to take effect.
  8. To revert the changes, repeat steps 1 - 7, adding the semicolons back and restoring the numeric values to 0, then saving and restarting the RADIUS server.
  9. The RSA RADIUS log file is located in /opt/rsa/am/radius. The name of the file will be today's date in YYYYMMDD format. If today's date was 22 February 2017, then the log file would be called 20170222.log.
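
The radius.ini change and revert described above, together with the log file naming rule, as an added shell example that is not RSA code. It filters a copy of the radius.ini text (for preparing or checking what goes into the Operations Console editor); the function names, the sample text and the [Example] stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example (not RSA code). Filters a COPY of radius.ini text on stdin;
# the live file is still edited through the Operations Console as described.

# radius_debug_set LEVEL: LEVEL 2 uncomments [Configuration] and sets
# LogLevel/TraceLevel to 2; LEVEL 0 restores the commented defaults.
radius_debug_set() {
    awk -v lvl="$1" '
    BEGIN { pre = (lvl + 0 == 0) ? ";" : "" }
    # Stanza title, commented or not: start of the lines we may change.
    /^;?\[Configuration\][ \t]*$/ { in_cfg = 1; print pre "[Configuration]"; next }
    # Any other stanza title ends the Configuration stanza.
    /^;?\[.*\]/ { in_cfg = 0 }
    in_cfg && /^;?(LogLevel|TraceLevel)[ \t]*=/ {
        line = $0
        sub(/^;/, "", line)          # drop an existing comment marker
        sub(/=.*/, "= " lvl, line)   # keep the key and its padding
        print pre line
        next
    }
    { print }'
}

# radius_debug_state: prints "enabled" if an active [Configuration] stanza
# has LogLevel or TraceLevel above 0, otherwise "disabled".
radius_debug_state() {
    awk '
    /^\[Configuration\][ \t]*$/ { in_cfg = 1; next }
    /^;?\[.*\]/ { in_cfg = 0 }
    in_cfg && /^(LogLevel|TraceLevel)[ \t]*=/ {
        split($0, kv, "="); if (kv[2] + 0 > 0) on = 1
    }
    END { print (on ? "enabled" : "disabled") }'
}

# radius_log_path [YYYYMMDD]: log file for the given date (default: today).
radius_log_path() {
    printf "/opt/rsa/am/radius/%s.log\n" "${1:-$(date +%Y%m%d)}"
}

# Constructed sample: the three default lines from step 5, plus a
# hypothetical [Example] stanza to show that other stanzas are left alone.
SAMPLE_INI=';[Configuration]
;LogLevel                        = 0
;TraceLevel                      = 0
[Example]
;LogLevel = 0'
```

Running `radius_debug_state` on the saved text after reverting confirms that debug logging was actually switched off again.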
