000035813 - How to test RSA SecurID Access IDR Secure Connector connectivity

Document created by RSA Customer Support Employee on Dec 9, 2017Last modified by RSA Customer Support Employee on Jan 23, 2018
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000035813
Applies ToRSA Product Set:  SecurID Access
IssueConnectivity between the IDR and its SecurID Access cloud tenant is being questioned.
ResolutionA helpful troubleshooting step is to try accessing the Secure Connector health.api URL either from a browser on the same subnet as the IDR proxy interface or directly from the IDR using the wget command.
The URL is of the form <tenant id>.auth.securid.com/secure-connector-fe/health.api where <tenant id> is the value initially set in the Administrator Console My Account > Company Settings > Company Information tab Company ID field.
The following is an example wget command from the IDR command line.  The --bind-address switch should specify the IDR's proxy IP address.  If that switch is not used then the wget command will use the IDR management interface.  Connection OK is returned when successful.
See Access SSH for Identity Router Troubleshooting to access the IDR command line.

[idradmin@idr.gs00.example.com ~]$ wget --no-check-certificate --bind-address <IDR Proxy IP> https://gs00.auth.securid.com/secure-connector-fe/health.api
--2017-12-07 15:45:23--  https://gs00.auth.securid.com/secure-connector-fe/health.api

Resolving gs00.auth.securid.com...
Connecting to gs00.auth.securid.com|....|:443... connected.
WARNING: cannot verify gs00.auth.securid.com's certificate, issued by `/C=US/O=thawte, Inc./CN=thawte SSL CA - G2':
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 13 [text/plain]
Saving to: `health.api'
100%[==========================================================>] 13          --.-K/s   in 0s
2017-12-07 15:45:24 (6.02 MB/s) - `health.api' saved [13/13]
[idradmin@idr.gs00.example.com ~]$ more health.api
Connection OK
NotesThe auth part of the tenant hostname will be auth-eu for tenants outside of the Americas.