In RSA Authentication Manager, you can use the repair feature to enter new information about an RSA SecurID Access trusted realm. For example, you can update the hostname or IP address used to contact the Cloud Authentication Service.
If RSA Authentication Manager has a new IP address or netmask, then you must provide this information to a Cloud Authentication Service administrator.
Before you begin
- This procedure requires the rsaadmin password.
- You must be a Super Admin or a Trust Administrator.
- Log on to the appliance with the User ID rsaadmin and the operating system password that you defined during Quick Setup:
- On a hardware appliance, an Amazon Web Services appliance, or an Azure appliance, log on to the appliance using the SSH client.
- On a VMware virtual appliance, log on to the appliance using an SSH client or the VMware vSphere client.
- On a Hyper-V virtual appliance, log on to the appliance using an SSH client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager.
- Change directories to /opt/rsa/am/utils. Type:
and press ENTER.
- Modify the trusted realm. Type:
./rsautil manage-securid-access-trusts -a repair -t trusted_realm
where trusted_realm is the name of the RSA SecurID Access trusted realm that needs to be modified.
and press ENTER. You are prompted for the required information.
Note: Although it is possible to enter the administrator password on the command line along with the other options, this creates a potential security vulnerability. RSA recommends that you enter passwords only when prompted.
- When prompted, enter the Super Admin or Trust Administrator username, and press ENTER.
- When prompted, enter the Super Admin or Trust Administrator password, and press ENTER.
- When the RSA SecurID Access trusted realm is located, you are prompted to enter updated values for the following items:
- RSA SecurID Access REST API URL Prefix used to contact the Cloud Authentication Service. You might want to update the hostname or IP address.
- The Access ID and Access Key provided by the Cloud Authentication Service Super Admin.
- Trusted realm name.
- Whether the trusted realm is enabled.
- Whether the trusted realm is enabled for authentication.
- Optional notes.
Press ENTER for each item that you do not want to update.
- After the trusted realm is updated, RSA Authentication Manager tests the connection to the trusted realm. After 30 seconds, a message indicates whether the connection test succeeded or failed.
If the connection test fails, you can view the details in the imsTrace.log file in the /opt/rsa/am/server/logs directory.
- To verify the changed details in the Security Console, click Administration > Trusted Realms > Manage Existing.