Configure a Timeout Setting for Authentication Requests

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jan 30, 2019
Version 9Show Document
  • Comment0
  • View in full screen mode

You can change how long RSA Authentication Manager waits for a response for the identity routers in a RSA SecurID Access trusted realm. The default timeout setting is 30 seconds.

Before you begin 

The following credentials are required:

  • The rsaadmin password for the primary instance and each replica instance.
  • Operations Console administrator
  • RSA Authentication Manager Super Admin

Procedure 

  1. Log on to the appliance with the User ID rsaadmin and the operating system password that you defined during Quick Setup.
    • On a hardware appliance, an Amazon Web Services appliance, or an Azure appliance, log on to the appliance using an SSH client.
    • On a virtual appliance, log on to the appliance using an SSH client, the VMware vSphere client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager.

    To log on to the appliance operating system using Secure Shell (SSH), you must enable SSH.

    For instructions, see Enable Secure Shell on the Appliance.

  2. Change directories to /opt/rsa/am/utils. Type:

    cd /opt/rsa/am/utils/

    and press ENTER.

  3. Type:

    ./rsautil store -a update_config ims.trust.via.read_timeout number GLOBAL

    where number is the new timeout value in milliseconds. For example, type 45000 to change the timeout value to 45 seconds.

    Note:  Make sure that the authentication agents use a timeout value that is greater than the value configured for RSA Authentication Manager.

  4. Press ENTER. You are prompted for the required options.
  5. When prompted, enter your Operations Console administrator User ID, and press ENTER.
  6. When prompted, enter your Operations Console administrator password, and press ENTER.

    The timeout value is updated.

    Note:  Although it is possible to enter the Operations Console administrator password on the command line, this creates a potential security vulnerability. RSA recommends that you enter passwords only when the utility presents a prompt.

  7. Close the SSH client. Type exit and press ENTER.
  8. Flush the cache to remove the previous timeout value from memory:
    1. In the Operations Console, click Maintenance > Flush Cache.
    2. If prompted, enter your Super Admin User ID and password, and click OK.
    3. Under Flush Cache, select Flush specific cache objects.
    4. Select ConfigCache.
    5. Click Flush.
  9. Wait for 30 seconds for the primary instance to load the new timeout value.

 

 

Related Concepts

RSA SecurID Authenticate Tokencodes

Related References

RSA SecurID Authenticate Tokencode Integration Issues and Solutions

Options for manage-securid-access-trusts

 

 


Attachments

    Outcomes