Steps followed:
When I access an OAM-protected resource, it displays a login page.
I enter the same username tested above.
Entered the tokencode - I get the above-mentioned error.
I even tried with PIN followed by tokencode - I get the below-mentioned error.
Error seen -
"Principal authentication
User “ABC” attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain”
Authentication method failed"
I have tested the hardware token to be working fine on the ssc console (had to resynchronize the token from the self-service console).
(I have tried "test" from the self-service console.
I entered username and PIN followed by tokencode. I got the below success message:
"Your test authentication is successful.")
Please suggest what I need to check to resolve this issue.
What is OAM specifically? Oracle?
Anyway, in general, at any generic agent that does SecurID auth, it does the first auth using an encryption scheme at the agent with any IP it may have in its stack to the RSA server, and the RSA server decrypts with the IP address you set up on the Security Console for that agent. If these are not the same, then auth method failed will be the result until you fix the IP mismatch. The thing is, if the agent has more than one IP, you don't know if it has picked the right one... so you can override this and specify what to use.
The easy way to do this is to create a plain text file on the agent, called sdopts.rec, and in that file have one line in it:
CLIENT_IP=a.b.c.d
where a.b.c.d would represent the actual IP address you think the agent should be using [and the IP that is configured on the RSA server for that agent]. When an sdopts.rec file exists, all agents will look inside it for instructions and if it has CLIENT_IP the agent will forget what IP it was trying to use, and use the IP in that file. Place the sdconf.rec file in the 'working directory' for the agent (the same directory that has the sdconf.rec file).
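The override described in the reply above, as an added example that is not part of the original thread or of any RSA tooling: it validates the address registered for the agent, flags it if the host does not actually hold that address, and writes a single `CLIENT_IP=` line to sdopts.rec beside sdconf.rec. The function names, the `local_ips` argument and the demo addresses are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile

def updated_sdopts(existing_text, registered_ip, local_ips):
    """Return (new_text, warnings) for sdopts.rec with CLIENT_IP set to registered_ip."""
    ip = str(ipaddress.IPv4Address(registered_ip))  # ValueError on a malformed address
    warnings = []
    if ip not in local_ips:
        # The agent would present an address it does not own: likely another mismatch.
        warnings.append(f"{ip} is not bound on this host (local: {sorted(local_ips)})")
    kept = []
    for line in existing_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "CLIENT_IP":
            if value.strip() != ip:
                warnings.append(f"replacing existing CLIENT_IP={value.strip()}")
            continue  # drop the old override; exactly one is written below
        if line.strip():
            kept.append(line)  # keep any other lines already in the file
    kept.append(f"CLIENT_IP={ip}")
    return "\n".join(kept) + "\n", warnings

def write_sdopts(agent_dir, registered_ip, local_ips):
    """Write sdopts.rec next to sdconf.rec; refuse if sdconf.rec is not in agent_dir."""
    if not os.path.isfile(os.path.join(agent_dir, "sdconf.rec")):
        raise FileNotFoundError(f"no sdconf.rec in {agent_dir}")
    path = os.path.join(agent_dir, "sdopts.rec")
    existing = ""
    if os.path.isfile(path):
        with open(path, encoding="ascii") as fh:
            existing = fh.read()
    new_text, warnings = updated_sdopts(existing, registered_ip, local_ips)
    with open(path, "w", encoding="ascii", newline="\n") as fh:
        fh.write(new_text)
    return path, warnings

if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for the agent's working
    # directory, and the addresses are documentation-range samples.
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "sdconf.rec"), "wb").close()
        path, notes = write_sdopts(d, "192.0.2.10", {"192.0.2.10", "198.51.100.7"})
        with open(path) as fh:
            print(fh.read(), notes)
```

Pass the set of addresses actually configured on the agent host as `local_ips`; a warning that the registered address is not bound locally means the entry on the Security Console needs checking as well.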