RSA Authentication not working

Article ID: 207450

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAM Admin cannot get the RSA integration working with PAM.

Environment

Release : 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

When integrating PAM with RSA, validate the following:

  • The PAM server must be added as an Authentication Agent:
    • RSA UI -> Access -> Authentication Agents -> Add New
    • The server name must match exactly the hostname shown in PAM UI -> Configuration -> Network -> Network Setting -> Hostname
  • After the Authentication Agent is defined, the RSA admin will “Generate a Configuration File”:
    • RSA UI -> Access -> Authentication Agents -> Generate a Configuration File (generates a sdconf.rec file)
    • The PAM admin will need to manually create a sdopts.rec file
  • Download the server certificate file from RSA:
    • RSA UI -> Access -> Authentication Agents -> Download Server Certificate File
  • Upload the certificate into PAM:
    • PAM UI -> Configuration -> Security -> Certificates -> Upload -> CA Bundles -> Upload certificate here

Finally, in RSA, use the Real-time Activity Monitor to check whether any requests are reaching the RSA server:

  • RSA UI -> Reporting -> Real-time Activity Monitors -> Authentication Activity Monitor -> Start Monitor (with Successful, Warning and Failure Events selected)