This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Configure password and security questions chained login for RSA Authentication Manager Prime Kit Self-Service Portal (SSP)

Article Number

000038964

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager Prime Kit

Issue

This article explains how to implement chain login for users when trying to access the RSA Authentication Manager Prime Kit Self-Service Portal (SSP).

In this instance, chain login means that users are asked for their Active Directory password followed by their Security Questions answers to be logged into SSP. 

Task

  • Confirm that the Chain Login bean is configured.
  • Enable the Chain Login bean for Home Page.
  • Disable any old Active Directory bean for the home page.

Resolution

To achieve this result, 
  1. Go to the file <Prime_installation_directory>/configs/ssp/config.
  2. Open authentication.xml in a text editor.
  3. Look for the following snippet in the file and ensure that it is not commented out: 
    
<bean id="chainADplusSQ" class="com.rsa.pso.services.ChainAuthenticatorService">
      <property name="serviceName" value="ChainAuthenticator" />
      <property name="authenticationServiceHelper" ref="authServiceHelper" />
      <property name="authenticators">
           <!--There should be exactly two authenticators.
           Portal will throw exception if the authenticator count is 
           not equal to two(2)-->
                <list>
                    <ref bean="adAuthenticationService"/>
                    <ref bean="questionAuthenticationService"/>
                </list>
      </property>
</bean>
  4. Look for the following snippet in the file: 
    
<util:list id="HOME_PAGE">
        <ref bean="adAuthenticationService"/>
        <!-- <ref bean="rbaAuthenticationService"/> -->
        <ref bean="tokenAuthenticationService"/>
        <ref bean="questionAuthenticationService"/>
        <ref bean="mfaAuthenticationService"/>
        <!-- <ref bean="chainADplusSQ"/> -->
</util:list>
  5. Uncomment the chainADplusSQ bean and comment the adAuthenticationService bean: 
    
<util:list id="HOME_PAGE">
        <!--<ref bean="adAuthenticationService"/> -->
        <!-- <ref bean="rbaAuthenticationService"/> -->
        <ref bean="tokenAuthenticationService"/>
        <ref bean="questionAuthenticationService"/>
        <ref bean="mfaAuthenticationService"/>
        <ref bean="chainADplusSQ"/> 
</util:list>
  6. Save the changes and exit.
  7. Restart the SSP service for the changes to take effect.
     

Notes

  • The RSA Authentication Manager Prime Kit installation directory differs from one environment to the other. The admin should be aware of the installation directory. However, the subdirectories and file names will not change. 
  • Steps to restart the service differ from one environment to the other. The admin should know how to restart a certain service in their environment.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-24 04:04 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.