Configure password and security questions chained login for RSA Authentication Manager Prime Kit Self-Service Portal (SSP)
Originally Published: 2020-06-04
Article Number
Applies To
RSA Product/Service Type: RSA Authentication Manager Prime Kit
Issue
In this instance, chain login means that users are asked for their Active Directory password followed by their Security Questions answers to be logged into SSP.
Tasks
- Confirm that the Chain Login bean is configured.
- Enable the Chain Login bean for Home Page.
- Disable any old Active Directory bean for the home page.
Resolution
- Go to the file <Prime_installation_directory>/configs/ssp/config.
- Open authentication.xml in a text editor.
- Look for the following snippet in the file and ensure that it is not commented out:
<bean id="chainADplusSQ" class="com.rsa.pso.services.ChainAuthenticatorService"> <property name="serviceName" value="ChainAuthenticator" /> <property name="authenticationServiceHelper" ref="authServiceHelper" /> <property name="authenticators"> <!--There should be exactly two authenticators. Portal will throw exception if the authenticator count is not equal to two(2)--> <list> <ref bean="adAuthenticationService"/> <ref bean="questionAuthenticationService"/> </list> </property> </bean> - Look for the following snippet in the file:
<util:list id="HOME_PAGE"> <ref bean="adAuthenticationService"/> <!-- <ref bean="rbaAuthenticationService"/> --> <ref bean="tokenAuthenticationService"/> <ref bean="questionAuthenticationService"/> <ref bean="mfaAuthenticationService"/> <!-- <ref bean="chainADplusSQ"/> --> </util:list> - Uncomment the chainADplusSQ bean and comment the adAuthenticationService bean:
<util:list id="HOME_PAGE"> <!--<ref bean="adAuthenticationService"/> --> <!-- <ref bean="rbaAuthenticationService"/> --> <ref bean="tokenAuthenticationService"/> <ref bean="questionAuthenticationService"/> <ref bean="mfaAuthenticationService"/> <ref bean="chainADplusSQ"/> </util:list> - Save the changes and exit.
- Restart the SSP service for the changes to take effect.
Notes
- The RSA Authentication Manager Prime Kit installation directory differs from one environment to the other. The admin should be aware of the installation directory. However, the subdirectories and file names will not change.
- Steps to restart the service differ from one environment to the other. The admin should know how to restart a certain service in their environment.
Related Articles
Clear Security Question Answers in the User Dashboard Number of Views Questions on creating an AFX connector to PostgreSQL using a generic ODBC driver in RSA Identity Governance & Lifecycle Number of Views Questions on the security of offline authentication data in the RSA SecurID Authentication Agent for Microsoft Windows Number of Views Verid - Improve accuracy of displayed pass/fail rate statistics per question type in Question Summary report Number of Views Authoritative source reference to section or subsection reverts to Source level when tree view is enabled on the cross ref… Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory
Don't see what you're looking for?
