Hello Everyone,
I just integrate both platforms With One customer of mine, the original idea was to add authentication stronger NetWitness GUI. I Followed the directions in Configure PAM Login Capability - RSA Security Analytics Documentation. I made the integration successful, I Achieved the first authentication success but when i start to make more test I saw a bad behavior, let me explian you:
- When the AM´s lockout policy was fired, for 3 failed auth´s, the user became to NextTokenCode but the SecurID Authorization Agent for PAM is not able to drive this flag, always send auth fails and never see the NTC box in Netwitness GUI.
- When you use a PIN mode in authentication attemps, the Netwitness console died. The jetty service goes down.
- And If you tried to reuse the same token, in theory you dont able to make a success auth, But the Netwitness console permit the authentication , although you see in Authentication Real Monitor oif SecurID this log (authj faild, token reuse)
The question´s are:
SecurID Authorization Agent for PAM will be better, in which realase of Netwitness???
Somebody knows some workaround to solve the issue?
Note. I used the versions:
- RSA AM 8.1.1.15
- RSA SA 10.6.1
I just did the PAM integration with RSA SA 10.6.1.0, it worked well for about 4 hrs and now it is crashing the website. I had to disable it in the pam.d/securityanalytics file and have submitted a ticket to RSA for assistance.
Did you ever get anymore information on the issues you were having?