SecurID^® Discussions

KeithGiles · ‎2018-12-31

We have some users that are being prompted to enter their RSA passcode when they try to view their saved passwords in Google Chrome. However, when they try to authenticate with the passcode, it fails everytime.

Should Windows even be prompting for RSA credentials for this function?

Is there a setting somewhere in RSA that needs to be changed for this to work?

Thanks in advance for any assistance you can offer,

Keith G.

JayGuillette · ‎2019-01-04

just edit RDCFileName and add the path to chrome, delimit with a comma after C:\Windows\System32\CredentialUIBroker.exe, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

verify the path to Chrome

View solution in original post

VarunPrabhakar · ‎2019-01-04

Keith,

The reported behavior is Functioning as desgined.

The following is workaround:

Run browser as an administrator with an user who has admin access on the machine
- For users who don't have admin credentials, use the 'Access your passwords from any device at passwords.google.com

JayGuillette · ‎2019-01-04

You have an Authentication Agent for Windows installed, and when you manage Chrome Passwords, Chrome will prompt for the default Credential Provider, which is now the RSA SID Credential Provider so you see a PassCode prompt instead of a Password prompt.

You could check why Passcode is failing, most likely Node secret mismatch if for some reason the System or process user for Chrome does not have permission to read the securID node secret file in the Auth Data directory.

Or

You can exempt Chrome from being prompted for PassCode by adding it as an RDCFileName, either in the registry as a REG_SZ value named RDCFileName under Local Authentication Settings *
or in a GPO as a Remote Desktop Application **

* https://community.rsa.com/docs/DOC-58298

is the KB that explains this issue.

HKEY_LOCAL_MACHINE \SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings

Or on Windows10 the location is

HKEY_LOCAL_MACHINE\software\RSA \RSA Desktop Preferences\Local Authentication Settings\

You may need to search the Registry for your Local Authentication Settings

** https://community.rsa.com/docs/DOC-96717
under Enable Support for multiple Remote Desktop Applications, Chapter 3

PaulHenry · ‎2019-01-04

Thanks, Jay. That solution worked for us. On my Windows 10 machine the RDCFileName key is in the first location you mentioned (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\RSA Desktop\Local Authentication Settings).

KeithGiles · ‎2019-01-04

Thanks for the information Jay!

Interestingly, I did get the node secret mismatch error.

However, once I clear the node secret from the agent or the server, the RSA authentication process fails at every prompt. I had to reinstall agent to get it working again.

KeithGiles · ‎2019-01-04

How do we handle the registry change for this if we have already created an RDCFileName in that same registry directory? The one I've already created has the value: C:\Windows\System32\CredentialUIBroker.exe

This was done previously to fix an issue with remote desktop being challenged by RSA.

KeithGiles · ‎2019-01-04

Paul Henry‌ what value data did you enter for the RDCFilename?

We had created one previously with the value data C:\Windows\System32\CredentialUIBroker.exe

JayGuillette · ‎2019-01-04

just edit RDCFileName and add the path to chrome, delimit with a comma after C:\Windows\System32\CredentialUIBroker.exe, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

verify the path to Chrome

KeithGiles · ‎2019-01-04

Thanks again! That worked.

SecurID® Discussions

Windows prompts for RSA passcode when trying to view Chrome Saved Passwords

SecurID^® Discussions