Test Access to Cloud Authentication Service

Document created by RSA Information Design and Development on Aug 18, 2017. Last modified by RSA Information Design and Development on Jul 26, 2019.
Version 24

RSA maintains two Cloud Authentication Service environments. When one environment becomes unavailable for any reason, your deployment automatically switches to the other environment. RSA recommends that you test access to both environments before the second one is needed, to ensure a smooth transition during unexpected downtime.

After your deployment is switched to another environment, the following events occur:

  • Authentication services and the Cloud Administration Console are restored as quickly as possible.

  • Domain Name Services (DNS) redirects the Cloud Administration Console and your identity routers to the new URLs for your region.

  • A message is posted to RSA SecurID® Access Service Notifications with details about the event.

Before you begin

  • Confirm that your firewall rules allow access to both IP addresses for your region.

                           
    Region  IP Addresses
    US      168.61.48.213, 13.93.181.131
    EU      40.114.214.30, 40.85.122.144
    ANZ     20.36.46.195, 20.36.66.51

  • If your company uses URL filtering, be sure that both IP addresses for your region are whitelisted.

Procedure 

  1. To test access for your identity routers, on an identity router, do the following:

    1. Enable SSH on an identity router. For instructions, see Access SSH for Identity Router Troubleshooting.

    2. From the identity router command line, enter the following:

      openssl s_client -connect 104.42.197.125:443

      104.42.197.125 is the IP address of one of the environments.

      You receive information back about the certificate chain and other details. If you are unable to reach the environment, the command eventually times out and you see SSL-related error messages.

    3. Repeat this for one identity router in each data center (or behind each distinct set of firewall settings) in your deployment.
  2. To test access for your internal users, on an internal machine, do the following:

    1. Enter the following in a browser: https://104.42.197.125

      You will see an error that the site is insecure. This is expected for the test.

    2. View details about the connection and confirm that *auth.securid.com is included in the certification path.

      For example, on Google Chrome, click the Not secure warning in the address bar. Then click the certificate and confirm that it is issued to *auth.securid.com.

    3. Repeat this for one internal machine in each data center (or behind each distinct set of firewall settings) in your deployment.
  3. If you are unable to access one of the environments, confirm that you have the correct firewall and whitelist settings. For more information, see the "Connectivity Requirements" section in your Quick Setup Guide. To download a Quick Setup Guide that is appropriate for your deployment, see Cloud Authentication Service Planning and Configuration.
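The identity router check in step 1 can be scripted so that both IP addresses for a region are tested in one pass and the returned certificate chain is inspected rather than read by eye. The script below is an added example, not RSA tooling: it uses the region IP addresses from the table above, and the function names, the `timeout` utility and the 10-second limit are assumptions of the example.

```shell
#!/bin/sh
# Added example, not RSA's tooling. Region IPs are copied from the table above;
# the function names and 10-second timeout are assumptions of this example.
EXPECTED_NAME='auth.securid.com'   # name the page says to confirm in the certificate

region_ips() {
  case "$1" in
    US)  echo "168.61.48.213 13.93.181.131" ;;
    EU)  echo "40.114.214.30 40.85.122.144" ;;
    ANZ) echo "20.36.46.195 20.36.66.51" ;;
    *)   return 1 ;;
  esac
}

# Reads s_client output on stdin. Succeeds only if a certificate chain came
# back and one of its subject ("s:") lines contains EXPECTED_NAME.
chain_names_service() {
  awk -v want="$EXPECTED_NAME" '
    /^Certificate chain/ { in_chain = 1; next }
    /^---/               { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ && index($0, want) { found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Constructed sample of a successful reply (not captured from the service).
sample_reply() {
  printf '%s\n' 'CONNECTED(00000003)' '---' 'Certificate chain' \
    ' 0 s:CN = constructed.auth.securid.com' '   i:CN = Constructed Issuing CA' '---'
}

# Same connection the procedure makes by hand, bounded by a timeout.
check_ip() {
  out=$(timeout 10 openssl s_client -connect "$1:443" </dev/null 2>&1)
  if printf '%s\n' "$out" | chain_names_service; then
    echo "OK   $1 presented a certificate for $EXPECTED_NAME"
  else
    echo "FAIL $1 unreachable or unexpected certificate"; return 1
  fi
}

check_region() {
  ips=$(region_ips "$1") || { echo "unknown region: $1" >&2; return 2; }
  rc=0
  for ip in $ips; do check_ip "$ip" || rc=1; done
  return "$rc"
}

# With a region argument (US, EU or ANZ) test both IPs; with none, do nothing.
[ $# -eq 0 ] || check_region "$1"
```

A FAIL result covers both a blocked connection and a reply whose chain names something else, such as a filtering proxy answering with its own certificate, so either case points back to the firewall and whitelist settings in step 3.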

 

 
