Targeting an RSA Authentication Manager 7.1/8.x server
Add an entry for each RSA Authentication Manager 7.1/8.2 server to the Bravura Security Fabric configuration database:
Type is RSA Authentication Manager 7.1/8.2.
Address uses the options described in the table below.
Set the administrator credentials to those of the account you set up in Configuring a target system administrator. Bravura Security Fabric uses this account to log into the RSA Authentication Manager 7.1/8.2 server.
Do not select the system account checkbox for this account.
Add a second target system administrator using the system credentials for the Command Client user in Setting the Command Client credentials. In Bravura Pass 6.x, enter the ID in the System IDs section. In Bravura Security Fabric, including Bravura Pass 7.0 or higher, select the System account checkbox for this account.
Enable auto-association, or if manually associating accounts, ensure that user IDs are identical to Bravura Security Fabric profile IDs.
The full list of target system parameters is explained in Target System Options.
Here is a sample RSA Authentication Manager 7.1/8.2 target system address syntax:
{serverUrl=t3s://<ip address>:7002;rsaApiPath=c:\rsa.sdk;certStore=c:\rsa.sdk\lib\java\trust.jks;realm=SystemDomain;version=8;javaRuntimeVersion=1.8;pinLength=8;pinCharset=0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ;}
Option | Description |
---|---|
Options marked with a | |
URL | The non-SSL (t3) or SSL (t3s) server URL for the RSA Authentication Manager 7.1/8.2 server. For example: t3://<ip address>:<port> or t3s://<ip address>:<ssl port>. The default non-SSL port is 7011. The default SSL port is 7002. You can look up the actual ports being used in the config.xml file on the RSA server. For RSA Authentication Manager 8.x, SSL is the recommended configuration for the server URL. (key: serverUrl) |
RSA API path | The location of the Java API files under the SDK installation directory (<SDK_HOME>). For example: C:\rsa.sdk (key: rsaApiPath) |
RSA certificate store | This is the location of the certificate keystore file that was generated when importing the server root certificate file. For example: C:\rsa.sdk\lib\java\trust.jks (key: certStore) |
Java Virtual Machine Properties | Specifies additional JVM properties, which allows changing the protocol version that the WebLogic security layer supports during SSL negotiation and the minimum protocol version. The format is specified as a KVGroup. For example: {weblogic.security.SSL.minimumProtocolVersion=TLSv1.2; weblogic.security.SSL.protocolVersion=TLSv1.2;}; {weblogic.security.SSL.minimumProtocolVersion=SSLv3; weblogic.security.SSL.protocolVersion=TLSv1.2;}; (key: jvmProperties) |
Security realm | RSA Authentication Manager 7.1 : If the security realm is not specified or is set to *, then the default is the first security realm found. RSA Authentication Manager 8.x: Currently only SystemDomain is supported. Default value if not specified or set to * is SystemDomain. (key: realm) |
Sub-domain (defaults to entire realm) | A sub-domain under the realm or security domain may be specified. If left blank, then the entire realm or security domain is used. (key: domain) |
List domains recursively | Check this option in order to search recursively for sub-domains within either the realm or security domain or the sub-domain if it is specified. All of the sub-domains under the specified domain will be searched. If this option is unchecked, then only either the realm or security domain or the sub-domain if it is specified will be searched. The domain will not be searched recursively. The Security Domain set for the SecurID tokens is what will be used when listing users for the specified realm or security domain and specified sub-domains. Ensure that this is set correctly for SecurID tokens for both existing users as well as for unassigned tokens that will be added to the inventory. (key: recursive) |
Version | This is the version of the RSA Authentication Manager 7.1/8.2 server. This value can be set to 7 or 8. (key: version) |
Java runtime version | This is the version of the Java Runtime Environment to use for the target. It should be set to 1.5 for RSA Authentication Manager 7.1 or 1.6, 1.7, or 1.8 64-bit for RSA Authentication Manager 8.x. If left blank, then the current version of Java that is installed will be used. (key: javaRuntimeVersion) |
Generated PIN length | The token PIN length that is used when setting a PIN or when the PIN is system generated for a user’s token. The value for Generated PIN length cannot be greater than the Maximum Length or less than the Minimum Length for the PIN Format for the Token Policy on the RSA Authentication Manager 7.1/8.2 server. It is recommended that the PIN length be set to the Maximum Length for the PIN Format that is defined for the Token Policy on the RSA Authentication Manager 7.1/8.2 server. If left blank, the Token Policy on the RSA Authentication Manager 7.1/8.2 server is looked up. The Minimum Length for the PIN Format is used for the Generated PIN length field. (key: pinLength) |
Generated PIN character set | The character set that is used when setting a PIN or when the PIN is system generated for a user’s token. If the Character Requirements for the PIN Format for the Token Policy on the RSA Authentication Manager 7.1/8.2 server is set to "Allow alphanumeric PINs", then the value for this should be set to the following:
This value can also be optionally restricted to a shorter list of alphanumeric characters. If the Character Requirements for the PIN Format for the Token Policy on the RSA Authentication Manager 7.1/8.2 server is set to "Require numeric PINs", then the value for this must be set to the following to disallow anything that is not numeric:
If left blank, the Token Policy on the RSA Authentication Manager 7.1/8.2 server is looked up. The Character Requirements for the PIN Format is used for the Generated PIN character set field. (key: pinCharset) |
Include expired tokens | Check this parameter to include users whose SecurID authenticators have expired during listing. Uncheck to include only the authenticators that are not currently expired. By default this option is checked, so that both expired and non-expired SecurID authenticators are listed for the users. (key: expired) |
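
An added example (not Bravura or RSA code) that parses a target address in the form shown above and flags the settings this table treats as security-relevant: a non-SSL `t3` URL, a deprecated minimum protocol in `jvmProperties`, and PIN settings that conflict with the Token Policy. The `policy_min`, `policy_max` and `numeric_only` arguments, the sample addresses, and the way `jvmProperties` is nested inside the address are assumptions.

```python
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated by RFC 7568 and RFC 8996
MIN_KEY = "weblogic.security.SSL.minimumProtocolVersion"
def parse_kvgroup(text):
    """Parse '{k=v;g={a=b;};}' into a dict; nested groups become dicts."""
    text = text.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("KVGroup must be wrapped in { }")
    body, out, depth, start = text[1:-1], {}, 0, 0
    for i, ch in enumerate(body):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        elif ch == ";" and depth == 0:  # only top-level ';' ends an entry
            key, _, value = body[start:i].strip().partition("=")
            start = i + 1
            if key:
                nested = value.lstrip().startswith("{")
                out[key.strip()] = parse_kvgroup(value) if nested else value.strip()
    return out

def audit_address(address, policy_min, policy_max, numeric_only):
    """Return findings; the policy_* arguments mirror the server's Token Policy."""
    cfg, findings = parse_kvgroup(address), []
    if cfg.get("serverUrl", "").startswith("t3://"):
        findings.append("serverUrl uses non-SSL t3; t3s is recommended")
    jvm = cfg.get("jvmProperties", {})
    if isinstance(jvm, dict) and jvm.get(MIN_KEY) in DEPRECATED:
        findings.append(f"{MIN_KEY}={jvm[MIN_KEY]} allows a deprecated protocol")
    pin_length = cfg.get("pinLength", "")
    if pin_length and not (pin_length.isdecimal() and policy_min <= int(pin_length) <= policy_max):
        findings.append(f"pinLength={pin_length} is outside {policy_min}-{policy_max}")
    charset = cfg.get("pinCharset", "")
    if numeric_only and not set(charset) <= set("0123456789"):
        findings.append("pinCharset has non-numeric characters; policy requires numeric PINs")
    return findings

# Constructed samples: placeholder host, and the nested jvmProperties form is assumed.
GOOD = (r"{serverUrl=t3s://192.0.2.10:7002;rsaApiPath=c:\rsa.sdk;"
        r"certStore=c:\rsa.sdk\lib\java\trust.jks;realm=SystemDomain;version=8;"
        r"jvmProperties={weblogic.security.SSL.minimumProtocolVersion=TLSv1.2;"
        r" weblogic.security.SSL.protocolVersion=TLSv1.2;};pinLength=8;pinCharset=0123456789;}")
BAD = (r"{serverUrl=t3://192.0.2.10:7011;version=8;"
       r"jvmProperties={weblogic.security.SSL.minimumProtocolVersion=SSLv3;"
       r" weblogic.security.SSL.protocolVersion=TLSv1.2;};pinLength=12;pinCharset=0123abc;}")

if __name__ == "__main__":
    for name, addr in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_address(addr, policy_min=4, policy_max=8, numeric_only=True))
```

A blank `pinLength` or `pinCharset` produces no finding, matching the documented behaviour of falling back to the server's Token Policy.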