
Add RSA Authentication via connector authentication chain module

You can integrate RSA Authentication Manager authentication in Bravura Security Fabric by configuring a custom authentication chain that uses the agent.pss authentication module with the RSA Authentication Manager 7.1/8.2 connector agtrsaam to perform a challenge-response operation.

The following case illustrates how to integrate RSA Authentication Manager authentication in Bravura Security Fabric:

Note

If you need this target only for authentication and do not need the other administrative features of the Java Administrative API, it is simpler and requires less maintenance to install only the C Authentication API. If you do need the administrative features and also require authentication failover, which only the C Authentication API provides, it is recommended to install both APIs.

  1. Optional: Configure RSA Authentication Manager 7.1/8.2.

  2. Optional: Add the system as an RSA Authentication Manager 7.1/8.2 target system.

    Alternatively, if you are not using an actual RSA Authentication Manager 7.1/8.2 target system and need only the challenge-response authentication operation of the agtrsaam connector, take the following steps:

    1. Add an RSA Authentication Manager 7.1/8.2 target system.

    2. Leave the target system address parameters as defaults or provide any value for each of the parameters.

    3. Uncheck the List accounts option for the target system.

    4. Check Automatically attach accounts for the target system.

    5. Manually create a <TARGETID>.db list file and copy it to the <instance>\psconfig\ directory.

      A sample targetid.db file is located in the samples directory.

      Add data for each user, or run the following queries in SQLite:

      INSERT INTO discobj (stableid, type, longid, shortid, displayid, sd) VALUES ('1001', 'ACCT', 'rsauser1', 'rsauser1', 'RSA Userone', NULL);
      INSERT INTO discobjattr (stableid, type, attrkey, attrval, seqno) VALUES ('1001', 'ACCT', '@fullname', 'RSA Userone', '0');
      INSERT INTO discobj (stableid, type, longid, shortid, displayid, sd) VALUES ('1002', 'ACCT', 'rsauser2', 'rsauser2', 'RSA Usertwo', NULL);
      INSERT INTO discobjattr (stableid, type, attrkey, attrval, seqno) VALUES ('1002', 'ACCT', '@fullname', 'RSA Usertwo', '0');

      The value of the longid field must be the user ID of the RSA Authentication Manager 7.1/8.2 user who will authenticate with their SecurID token.

      See also: Creating a list file and copying data from other targets.

  3. Add a new custom authentication chain:

    1. Add the Connector package agent (agent.pss) module to the chain.

    2. In the module’s settings:

      • Set Target system to use for address and credentials to the target you created.

      • Set Password verification operation to “Challenge response authentication”.

    3. Enable the custom authentication chain.

  4. Add the new custom authentication chain to the DEFAULT_LOGIN chain:

    1. Click Policies > Authentication chains > Front-end login.

    2. Disable the chain so that you can edit it.

    3. Edit the select_chain module to add the new custom authentication chain to the list of Available chains.

    4. Update and enable the DEFAULT_LOGIN chain.

  5. Test the authentication by logging in as an end user associated with the target system.

    You will be prompted to enter a valid passcode for the user’s SecurID token.

    Additional prompts appear if the user’s SecurID token is in an extended mode, either new PIN mode or next token code mode.
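For the list file in step 2, hand-written INSERT statements become error-prone once there are more than a few users. The following is an added example, not part of the product or its samples, that writes the same two rows per user with parameterized statements and rejects blank or duplicate user IDs. The function names and the demo table definitions are assumptions: only the column names come from the queries above, and in practice you would open a copy of the sample targetid.db instead of creating tables.

```python
import sqlite3

# Assumed stand-in schema for an offline demo: only the column names come from
# the INSERT statements on this page; the types are guesses. For real use, open
# a copy of the sample targetid.db instead of calling create_demo_schema().
def create_demo_schema(conn):
    conn.executescript("""
        CREATE TABLE discobj (stableid TEXT, type TEXT, longid TEXT,
                              shortid TEXT, displayid TEXT, sd TEXT);
        CREATE TABLE discobjattr (stableid TEXT, type TEXT, attrkey TEXT,
                                  attrval TEXT, seqno TEXT);
    """)

def add_accounts(conn, users, first_id=1001):
    """Insert one ACCT row plus its @fullname attribute per (user_id, full_name).

    Rejects blank, padded or duplicate user IDs, since longid must match the
    RSA Authentication Manager user ID. Returns the stableids assigned.
    """
    seen = {row[0] for row in conn.execute(
        "SELECT longid FROM discobj WHERE type = 'ACCT'")}
    assigned = []
    with conn:  # one transaction: all rows are written, or none on error
        for offset, (user_id, full_name) in enumerate(users):
            if not user_id or user_id != user_id.strip():
                raise ValueError(f"blank or padded user ID: {user_id!r}")
            if user_id in seen:
                raise ValueError(f"duplicate user ID: {user_id!r}")
            seen.add(user_id)
            stableid = str(first_id + offset)
            conn.execute(
                "INSERT INTO discobj (stableid, type, longid, shortid, displayid, sd)"
                " VALUES (?, 'ACCT', ?, ?, ?, NULL)",
                (stableid, user_id, user_id, full_name))
            conn.execute(
                "INSERT INTO discobjattr (stableid, type, attrkey, attrval, seqno)"
                " VALUES (?, 'ACCT', '@fullname', ?, '0')",
                (stableid, full_name))
            assigned.append(stableid)
    return assigned

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    create_demo_schema(db)
    # Constructed sample users, matching the two on this page.
    print(add_accounts(db, [("rsauser1", "RSA Userone"), ("rsauser2", "RSA Usertwo")]))
```

Because the values are bound as parameters, a display name containing an apostrophe is stored as written without breaking the statement.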