SecurID^® Discussions

Hi Mike,

Thanks for your response - that's quite interesting. I might try re-installing it a few times to see if I can get it working as well.

Would you mind answering a few quick questions about your install process, in case there's some specific sequence that works/doesn't work?

1. Did you install the RSA ADFS agent before or after configuring ADFS itself?
2. Have you customised the 'theme' at all, and if so are you using the default theme or a new one?
3. Is your ADFS 4.0 brand new or upgraded/migrated from the 2012 R2 one?

Thanks.

Michael O''''Leary‌,

Thank you for jumping in and offering to assist Paul Trimboli with his ADFS agent configuration.

That, ladies and gentlemen, is the RSA SecurID Suite‌ community in action!  

If you guys come up with anything that could be useful to the community, please be sure to post it here.

Regards,

Erica

Hi Paul, great questions.

1. After. I got ADFS working and then installed the RSA ADFS agent.

2. No, I've never customized themes at all. Sorry I have no experience with editing the UI at all.

3. It's migrated from 2012R2. I had 2x 2012R2 servers in a farm, and then I added 2x 2016 servers. I installed the RSA agent on the new servers. About a week later I removed the 2012R2 servers, and then I upgraded the Farm Behaviour level. 

Perhaps you could try deploying a brand new 2016 server, installing ADFS in a standalone farm, and seeing if the agent installs and works okay?

Mike.

Thanks for those details.

Our install was on a brand-new single-server farm (being implemented specifically to provide SAML authentication to a third-party), so I'm wondering if perhaps the key is to install it in an existing ADFS 3 farm, and then upgrade it? That seems to be the only significant difference between our setups. Perhaps the upgrade process migrates the v3 forms to v4 format so it keeps working, but installing directly into a v4 farm means it's missing something.

Unfortunately we don't really have the time to try a whole bunch of scenarios - plus there doesn't seem to be any indication that Server 2016 is officially supported so it's a little too risky for us.

We'll look at migrating to Server 2016/ADFS 4 if the Securid agent becomes officially supported on that platform.

Thanks again for responding, perhaps this thread will be helpful for someone else.

Erica Chalfin‌

Thanks, and it looks like we have a show-stopper for a customer's planned upgrade here. We need the RSA ADFS agent released/supported on Windows 2016 / ADFS 4. Please pass this on!

While we're at it, I have a need to use RSA SecurID as my MFA solution for AzureAD, when not using ADFS as the sign-in method. I.e., all of our users have RSA tokens today, and I don't want to switch away from this and start using Microsoft's MFA solution, but that seems the easiest/only MFA solution for AzureAD authentication. Is there a solution on the way for SecurID customers looking to use MFA and AzureAD for their applications?

Mike.

Michael O''''Leary‌,

It looks like we have open requests for enhancement for both of the things you ask.

AM-29759 for Authentication Manager support for Microsoft Azure and AAWIN-2366 for ADFS v4 for Windows 2016 support.

Please contact RSA support to open a case.  This will add your company to the list of others asking for this functionality.  The more cases linked to an RFE, the more likely product management is to add the feature.

Regards,

Erica

Great to know, thanks B1fQpWp0Er9BI4ZmqBP9R2k0AFScN6CUsaPcsyfuRCQ=‌ ! That really is the https://community.rsa.com/community/products/securid?sr=search&searchId=c78acfa8-5e3f-451c-b0f4-24494a281126&searchIndex=0‌ community in action.

Thanks B1fQpWp0Er9BI4ZmqBP9R2k0AFScN6CUsaPcsyfuRCQ=‌ - I've opened a new case and asked to be added to AAWIN-2366.

And of course thanks once again, jHR230t7SGsOcmlF2AYt1GW6SAky1KfNBp8kIHI7yz0=‌, for your time and interest in my little issue.