What would you suggest would be the easiest way to integrate python app with SecurID ?
for local (cron) scripting, we use Python (better: Jython) scripts stored at the RSA SecurID Primary. For remote management of RSA SecurID, you have to define an SecurID Administrative Role, apply this to a dedicated service user and establish an application trust referring the Service user account.
Next, there are several API calls available in order to establish the two way trust with the Primary Authentication Manager Server - see Authentication Manager SDK documentation: https://community.rsa.com/docs/DOC-44845.
Hoping, this helps somehow. When it comes to the RSA AM SDK, there not as many sample codes / snippets available out there ...
Hi Luka - can you describe what you mean by integration?
Do you mean adding SecurID authentication using the authentication agent API or integrating user/token management functions using the Authentication Manager API or…?
I mean the second thing:
Integrating user/token management functions using the Authentication Manager API. Basically integrating current web app written in Python with SecurID AM for auth, management etc..
There are several possibilities including our out of the box support for Jython, calling Java from Python or calling SOAP web services from Python. I've asked our development group if they have any specific suggestions.
As a start, have you downloaded the RSA Authentication Manager SDK (documentation and sample code)?
It is part of the Extras file that you can get to via the RSA Authentication Manager DOWNLOADS->ADDITIONAL DOWNLOADS button on of this site.
Yeah, there's also SOAP web Services available w/ AM - I forgot about that. We tested that earlier but couldn't make it work, finally. But that was some years ago with AM 7.1 and may have changed of course.
So, give it a try if this fits your requirements and possibilities - why not?! I do think, it's some kind'a easier doing as you don't have to think of all that API calls with their individual requirements and parameters.
That's out of your focus as you asked for Python implementation. Additionally there's AMBA (Authentication Manager Bulk Administration). AMBA scripts are called using rsautil, but is bound to local execution afaik (I don't think, this changed with AM 8.1/8.2?). AMBA supports most of bulk Administration Tasks using Input / Output files for automation purposes: Token assignments, Token / User security Domain moves ... As RSA introduced AM 8.2, they decided to make AMBA available without additional costs. With AM 8.1 you have to buy a dedicated AMBA license. Compared to Jython API, AMBA scripting is easier as there're pre-defined Action commands.
With AM 8.1 / 8.2 documentation, there's an AMBA User Guide available, which may be a good starting Point for you, too.
Have a nice Weekend then,
Good point that you could call command line programs from python code. This could be executing the AMBA utility or a Jython script.
Jython provides the most capability (basically anything that can be done in the Security Console can be done programmatically). AMBA is somewhat simpler to use but offers a more limited set of capabilities.
Jochen's response right-on. You'll want to look at using Jython and the AM Administrative SDK. You should be able to use this combination to accomplish the functionality you're looking to implement.
Thank you for all responses. Will forward this to our developers
Retrieving data ...