Configure the RSA Authentication Agent API for Java on a supported platform with two network card interfaces (NIC)
RSA Product Set: SecurID RSA Product/Service Type: RSA Authentication Agent API for Java RSA Version/Condition: 8.x Platform: Microsoft Windows
Sample code for the RSA Authentication Agent API for Java successfully authenticates and then fails authentication. Unexpected results occur where a fixed passcode is used to authenticate a test account called 'rsatest':
This article assumes that RSA Authentication Manager software has already been deployed as a primary instance, with or without replica instances in a deployment and that RSA Authentication Agent API for Java sample code has been compiled and ready to use.
Two separate networks with no routing between them.
RSA Authentication Manager primary instance eth0 is configured on one network and eth1 is configured on the second network.
Microsoft Windows platform with two network card interfaces (NICs), where each NIC is connected to the two networks hosting the RSA Authentication Agent API for Java (for this example, 2k8r2-agent) .
Ensure the RSA Authentication Manager instance eth0 and eth1 interfaces are correctly set up in the Operations Console (Administration > Network > Appliance Network Settings. An example on the primary is as follows:
IPv4 subnet mask
IPv4 default gateway
Ensure the Network Cable Connection shows as connected.
Set up the local host file on each of the Authentication Manager instance in the deployment. From the Operations Console,
Add hosts entry for the Microsoft Windows platform eth0 IP address and associated hostname.
Add hosts entry for the Microsoft Windows platform eth1 IP address and associated hostname.
Add all of the Authentication Manager instance IP addresses and hostnames.
Using the Security Console on the primary instance, add the eth1 IP addresses as Alternative IP Addresses for the Authentication Manager instance(s). Navigate to Setup > System Settings. Under Advanced Settings > Alternative Instance IP Addresses, enter the eth1 IP address in the Alternative IP Address field, as shown here:
Perform an automatic rebalance using the Security Console on the primary instance (Access > Authentication Agents > Authentication Manager Contact List > Automatic Rebalance. Click Rebalance). The primary and replica (or replicas) will appear in the Authentication Manager Contact Lists. For example:
Generate a configuration record (Access > Authentication Agents > Generate Configuration File. Click Generate Config File then click the Download Now button. Copy the AM_Config.zip file on the Microsoft platform hosting the RSA Authentication Agent API for Java software.
Update (or add) the Authentication Agent in the Security Console (Access > Authentication Agents > Manage Existing (or Add New). Enter the host name of the agent, enter the IP address from eth0 of the agent and enter the eth1 IP address into Alternative IP Address.
For this example the RSA Authentication Agent API for Java has been unpacked into the C:\RSA\JavaAPI folder on the supported Microsoft platform. The example code is therefore found in the C:\RSA\JavaAPI\examples\sample folder along with the rsa_api.properties, the configuration record (sdconf.rec) and sdopts.rec.
To use eth0: RSA_AGENT_HOST=192.168.254.120
To use eth1: RSA_AGENT_HOST=192.168.2.120
NOTE: RSA_AGENT_HOST is an override host IP address parameter. SDCONF_LOC is the location of sdconf.rec and SDOPTS_LOC is the location of sdopts.rec.
It is important to include both eth0 and eth1 of the Authentication Manager instances into the sdopts.rec with USESERVER, as well as use CLIENT_IP=<agent_IP_address> where <agent_IP_address> is the appropriate IP address for either eth0 or eth1 (of the Microsoft platform hosting RSA Authentication Agent API for Java).
The sdopts.rec file is a text file that an administrator will manually create for an RSA Authentication Agent for manual load balancing. The sdopts.rec file is not generated by Authentication Manager or the agent.