I just integrate both platforms With One customer of mine, the original idea was to add authentication stronger NetWitness GUI. I Followed the directions in Configure PAM Login Capability - RSA Security Analytics Documentation. I made the integration successful, I Achieved the first authentication success but when i start to make more test I saw a bad behavior, let me explian you:
- When the AM´s lockout policy was fired, for 3 failed auth´s, the user became to NextTokenCode but the SecurID Authorization Agent for PAM is not able to drive this flag, always send auth fails and never see the NTC box in Netwitness GUI.
- When you use a PIN mode in authentication attemps, the Netwitness console died. The jetty service goes down.
- And If you tried to reuse the same token, in theory you dont able to make a success auth, But the Netwitness console permit the authentication , although you see in Authentication Real Monitor oif SecurID this log (authj faild, token reuse)
The question´s are:
SecurID Authorization Agent for PAM will be better, in which realase of Netwitness???
Somebody knows some workaround to solve the issue?
Note. I used the versions:
- RSA AM 220.127.116.11
- RSA SA 10.6.1