Integrating Vormetric Data Security Manager with RSA Authentication Manager 8.x
Originally Published: 2016-09-26
Article Number
Applies To
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 or later
Issue
The real-time authentication activity monitor is reporting "Authentication Method Failed" when performing a SecurID authentication with correct credentials on the Vormetric administrative web console .
Resolution
RSA has posted a Vormetric Data Security Manager(DSM) integration guide, however this is in reference to RSA Authentication Manager 7.1 and Vormetric Data Security Manager 5. The Vormetric Data Security Manager 5.x uses the RSA Authentication Agent 8.1 API/SDK for Java and the SecurID configuration files are located in the /opt/vormetric/coreguard/server/config/rsa directory.
File permissions of the files found in the /opt/vormetric/coreguard/server/config/rsa directory are as follows:
-rw-r--r-- 1 voradmin db2grp1 nnn mmm dd hh:mm rsa_api.properties -rw-r--r-- 1 voradmin db2grp1 nnn mmm dd hh:mm sdconf.rec -rw-r--r-- 1 voradmin db2grp1 nnn mmm dd hh:mm securid
where,
nnn refers to the file size
mmm represents the month e.g. Sep
mmm represents the month e.g. Sep
dd represents the day
hh:mm represents the time in hours and minutes
Vormetric Technical Support has a procedure to generate a one time dynamic root password to access the operating system hosting the Vormetric DSM which allows an administrator to update the /opt/vormetric/coreguard/server/config/rsa/rsa_api.properties file so an additional configuration file called sdopts.rec that is used by Authentication Manager can be used.
Vormetric Technical Support can also be contacted for information on how to use the CLI commands to manage the node secret (securid) file; for those times where a node secret mismatch occurs.
Contents of the default /opt/vormetric/coreguard/server/config/rsa/rsa_api.properties file:
SDNDSCRT_TYPE=FILE RSA_LOG_TO_CONSOLE=YES SDOPTS_TYPE=FILE RSA_DEBUG_FLOW=YES RSA_CONFIG_READ_INTERVAL=600 RSA_DEBUG_LOCATION=YES RSA_DEBUG_NORMAL=YES RSA_AGENT_HOST=n.n.n.n SDOPTS_LOC= SDSTATUS_TYPE=FILE RSA_DEBUG_TO_FILE=NO RSA_LOG_TO_FILE=NO RSA_ENABLE_DEBUG=YES SDCONF_TYPE=FILE RSA_DEBUG_EXIT=YES RSA_DEBUG_TO_CONSOLE=YES RSA_LOG_LEVEL=DEBUG SDCONF_LOC=/opt/vormetric/coreguard/server/config/rsa/sdconf.rec SDSTATUS_LOC=JAStatus.1 RSA_DEBUG_ENTRY=YES RSA_LOG_FILE=/tmp/rsa_api_event.log RSA_DEBUG_FILE=/tmp/rsa_api_debug.log SDNDSCRT_LOC=/opt/vormetric/coreguard/server/config/rsa/securid
where,
n.n.n.n is the IP address of the Vormetric DSM (e. g., the IP address of eth0).
n.n.n.n is the IP address of the Vormetric DSM (e. g., the IP address of eth0).
An administrator with the root access can update the /opt/vormetric/coreguard/server/config/rsa/rsa_api.properties file to use an sdopts.rec file (highlighted below in the SDOPTS_LOC line).
SDNDSCRT_TYPE=FILE RSA_LOG_TO_CONSOLE=YES SDOPTS_TYPE=FILE RSA_DEBUG_FLOW=YES RSA_CONFIG_READ_INTERVAL=600 RSA_DEBUG_LOCATION=YES RSA_DEBUG_NORMAL=YES RSA_AGENT_HOST=n.n.n.n SDOPTS_LOC=/opt/vormetric/coreguard/server/config/rsa/sdopts.rec SDSTATUS_TYPE=FILE RSA_DEBUG_TO_FILE=NO RSA_LOG_TO_FILE=NO RSA_ENABLE_DEBUG=YES SDCONF_TYPE=FILE RSA_DEBUG_EXIT=YES RSA_DEBUG_TO_CONSOLE=YES RSA_LOG_LEVEL=DEBUG SDCONF_LOC=/opt/vormetric/coreguard/server/config/rsa/sdconf.rec SDSTATUS_LOC=JAStatus.1 RSA_DEBUG_ENTRY=YES RSA_LOG_FILE=/tmp/rsa_api_event.log RSA_DEBUG_FILE=/tmp/rsa_api_debug.log SDNDSCRT_LOC=/opt/vormetric/coreguard/server/config/rsa/securid
where,
the contents of the /opt/vormetric/coreguard/server/config/rsa/sdopts.rec file is:
the contents of the /opt/vormetric/coreguard/server/config/rsa/sdopts.rec file is:
CLIENT_IP=n.n.n.n
where,
n.n.n.n is the IP address of the Vormetric DSM (e.g., the IP address of eth0) and matches the IP address used in the authentication agent record that was created in the Security Console.
n.n.n.n is the IP address of the Vormetric DSM (e.g., the IP address of eth0) and matches the IP address used in the authentication agent record that was created in the Security Console.
A restart of the Vormetric Data Security Manager is required to read the updated /opt/vormetric/coreguard/server/config/rsa/rsa_api.properties file and make use of the sdopts.rec.
Notes
| Filename | Description |
| sdconf.rec | Configuration record providing the IP addresses of the Authentication Manager instances in the deployment. Generated in the Security Console.
|
| securid | The ode secret file used to encrypt communication between the authentication agent and Authentication Manager. This is created dynamically during the first authentication attempt. |
| JAStatus.1 | Created by the agent and contains the list of available Authentication Manager instances and time response related information. Should this file get deleted, the authentication agent will recreate this file on the next authentication |
| sdopts.rec | Contains the value of CLIENT_IP=<IP address>, used as the IP address override. Page 82 of the RSA Authentication Agent 7.3.1 for Microsoft Windows Installation and Administration Guide provides some information on the CLIENT_IP parameter used in the sdopts.rec file. |
Related Articles
RSA Authentication Agent 8.0 for Web for Internet Information Services Generates HTTP Error 500.21 Number of Views Integrating Red Hat Identity Manager with RSA Authentication Manager 8.x Number of Views Integrate Citrix NetScaler with RSA Authentication Manager 8.x Number of Views RSA Authentication Agent 8.6 API does not prompt for passcode with Epic Hyperspace 2016 on Windows Server Number of Views Can the Microsoft Integrated Windows Authentication (IWA) icon be hidden in the RSA SecurID Access Application Portal? Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
