ACF2/IBM Z Multi-Factor Authentication RSA SecurID (AZFSIDP1 factor) can signon with either password or RSA token
search cancel

ACF2/IBM Z Multi-Factor Authentication RSA SecurID (AZFSIDP1 factor) can signon with either password or RSA token

book

Article ID: 271499

calendar_today

Updated On:

Products

ACF2 - z/OS ACF2 ACF2 - MISC

Issue/Introduction

ACF2 protected system with IBM Z Multi-Factor Authentication AZFSIDP1 factor RSA SecurID. ACF started task is active
Logonids can signon using either password or RSA Token, they should only be permitted to use RSA Token.

Resolution

The MFA AZFLDAP1 factor was configured using both the PROFILE(USER) DIV(MFA) profile record method and the $USERDATA line of a resource rule called RSAUMAP in the CASECMFA class method.

Only one of the above methods to map a logonid to a RSA userid should be done.

After removing the $KEY(RSAUMAP) TYPE(CAS) rule, issuing the F ACF2,REBUILD(CAS), and re-cycling the AZF#IN00 task, the logonids defined for RSA SecurID (AZFSIDP1) can only signon using an RSA token.

 

Additional Information