ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

RSA Authentication not working


Article ID: 207450


Updated On:


CA Privileged Access Manager (PAM)


PAM Admin cannot get the RSA integration working with PAM.


Release : 3.4.x



When integrating PAM into RSA you need to validate:

  • PAM Server needs to be added as an Authentication Agent
    • RSA UI -> Access -> Authentication Agents -> Add New
      Servername needs to match exactly as it is in the PAM UI -> Configuration -> Network -> Network Setting -> Hostname
  • After defining the Authentication Agent -> RSA Admin will “Generate a Configuration File”
    • RSA UI -> Access -> Authentication Agents -> Generate a Configuration File (generates a sdconf.rec file)
    • PAM admin will need to manually create a sdopts.rec file
  • Download the server certificate file from RSA
    RSA UI -> Access -> Authentication Agents -> Download Server Certificate File
  • Upload the Certificate into PAM:
    • PAM UI -> Configuration -> Security -> Certificates -> Upload -> CA Bundles -> Upload certificate here

Finally in RSA - use the Real-time Activity Monitor to see if any requests are going to the RSA server:

  • RSA UI -> Reporting -> Real-time Activity Monitors -> Authentication Activity Monitor -> Start Monitor (with Successful, Warning and Failure Events selected)