|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
|Issue||The Red Hat Identity Manager supports One-Time Passwords (OTP), and an administrator would like to use RSA SecurID for two-factor authentication. Review the Red Hat page for an overview of the features of Red Hat Identity Management, which includes a mention of OTP.|
|Resolution||RSA has a certification program to assure customers of the interoperability of leading products with RSA products. Go to the RSA Ready page and search for the specific vendor name to see which products have completed the RSA certification program. Unfortunately, RSA has no listing of the Red Hat Identity Manager going through the RSA certification program.|
Where the RADIUS protocol is used to send authentications from the Red Hat Identity Manager to the Authentication Manager deployment, an administrator needs to configure a RADIUS client with an associated RSA Agent in the Security Console.
- The Red Hat blog on Identity Management and Two-Factor Authentication Using One-Time Passwords provides a reference on SecurID and the Red Hat Identity Manager. That page mentions that the Red Hat Identity Manager can proxy authentications via RADIUS to the RSA Authentication Manager.
- RSA Authentication Manager deployments have RSA RADIUS deployed by default, providing RADIUS listening ports on 1645 UDP and 1812 UDP. RSA RADIUS supports Password Authentication Protocol (PAP), so third-party products using RADIUS can direct authentications to the RSA Authentication Manager deployment.
On the Authentication Manager primary's Security Console:
- Navigate to RADIUS > RADIUS Clients > Add New.
- Fill in the required information to create a RADIUS client:
  - Client name (this must be a resolvable computer name on the network),
  - IPv4 address, and
  - Shared secret (this must match the RADIUS secret key configured in the RADIUS client, that is, the Red Hat Identity Manager).
- Click Save & Create Associated RSA Agent.
- Open the real-time authentication activity monitor from the Security Console (Reporting > Real-time Activity Monitors > Authentication Activity Monitor) to view authentication attempts to the new RADIUS client. To troubleshoot RADIUS authentications, enable RSA RADIUS tracing and debugging (refer to 000012942 - How to enable RADIUS debugging/verbose logs with RSA Authentication Manager).
|Notes||Refer to the Red Hat Identity Management documentation or contact Red Hat Customer Support regarding configuration of the Red Hat Identity Manager.|