we're looking to implement RSA authentication using the provided REST API (with Cloud Authentication Service), but we're facing some problems, the main being the 'initialize' endpoint keeps responding with 403 forbidden, while the others endpoints (verify, status, cancel) seem to respond 200 Ok (no matter what client_key is provided).
I would request some clarification about a few points:
1 - the documentation (rsa_securid_access_authentication_api_developers_guide.pdf) seems to differentiate between "Authentication Manager" and "Cloud Authentication Service" when talking about "Required Keys for REST Requests"; we were provided by the administrator with a key in the following format:
"accessKey": "-----BEGIN RSA PRIVATE KEY-----[omitted]\n-----END RSA PRIVATE KEY-----\n",
is this the expected authentication key format? and if it is, what is the correct value the "client_key" header should assume? (found a few code examples which however referred specifically to an Authentication Manager scenario)
2 - There are any other (configuration?) issues that could cause a similar issue? any idea?
The tests were made with both a C# client (generated from the REST api spec) and directly calling the api via Postman. same result.