Configure password and security questions chained login for RSA Authentication Manager Prime Kit Self-Service Portal (SSP)
Originally Published: 2020-06-04
Article Number
Applies To
RSA Product/Service Type: RSA Authentication Manager Prime Kit
Issue
In this instance, chain login means that users are asked for their Active Directory password followed by their Security Questions answers to be logged into SSP.
Tasks
- Confirm that the Chain Login bean is configured.
- Enable the Chain Login bean for Home Page.
- Disable any old Active Directory bean for the home page.
Resolution
- Go to the file <Prime_installation_directory>/configs/ssp/config.
- Open authentication.xml in a text editor.
- Look for the following snippet in the file and ensure that it is not commented out:
<bean id="chainADplusSQ" class="com.rsa.pso.services.ChainAuthenticatorService"> <property name="serviceName" value="ChainAuthenticator" /> <property name="authenticationServiceHelper" ref="authServiceHelper" /> <property name="authenticators"> <!--There should be exactly two authenticators. Portal will throw exception if the authenticator count is not equal to two(2)--> <list> <ref bean="adAuthenticationService"/> <ref bean="questionAuthenticationService"/> </list> </property> </bean> - Look for the following snippet in the file:
<util:list id="HOME_PAGE"> <ref bean="adAuthenticationService"/> <!-- <ref bean="rbaAuthenticationService"/> --> <ref bean="tokenAuthenticationService"/> <ref bean="questionAuthenticationService"/> <ref bean="mfaAuthenticationService"/> <!-- <ref bean="chainADplusSQ"/> --> </util:list> - Uncomment the chainADplusSQ bean and comment the adAuthenticationService bean:
<util:list id="HOME_PAGE"> <!--<ref bean="adAuthenticationService"/> --> <!-- <ref bean="rbaAuthenticationService"/> --> <ref bean="tokenAuthenticationService"/> <ref bean="questionAuthenticationService"/> <ref bean="mfaAuthenticationService"/> <ref bean="chainADplusSQ"/> </util:list> - Save the changes and exit.
- Restart the SSP service for the changes to take effect.
Notes
- The RSA Authentication Manager Prime Kit installation directory differs from one environment to the other. The admin should be aware of the installation directory. However, the subdirectories and file names will not change.
- Steps to restart the service differ from one environment to the other. The admin should know how to restart a certain service in their environment.
Related Articles
Questions on the security of offline authentication data in the RSA SecurID Authentication Agent for Microsoft Windows Number of Views Questions on creating an AFX connector to PostgreSQL using a generic ODBC driver in RSA Identity Governance & Lifecycle Number of Views Clear Security Question Answers in the User Dashboard Number of Views How to modify security questions for the RSA Authentication Manager Self-Service Console Number of Views How can I contact Customer Support for issues or questions relating to the RSA Community? Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
