RSA SecurID - need some help

cryptochrome_
Contributor

RSA SecurID - need some help

Hi, 

 

A couple of years ago I already set this up once and it worked back then. Now I want to do the same thing again but I am not getting anywhere.

 

IVE 7.3

AD Server

ACE Server

 

I want to set up my realm so that the first auth server is AD and the second is RSA. However, if I choose AD as the first auth server, the RSA server is not showing up as an option for the second auth server. If I specify the RSA server as being the first, then the AD server does not show up as an option for the second. 

 

If I only select RSA (and no secondary), then I no longer have the option to create role mapping rules based on user groups (the option is simply missing).

 

Can someone shed some light on this for me, please?

 

Thanks

 

27 REPLIES
zanyterp_
Respected Contributor

Re: RSA SecurID - need some help

thank you for sharing

Era_
Occasional Contributor

Re: RSA SecurID - need some help

Hi!

Here are some details regarding our RSA case - http://kb.pulsesecure.net/KB23202

In general, just configure AD as an LDAP server and as a result it will be available under the RSA Directory/Attribute drop-down list.

It works for my configuration with 20 RSA roles based on AD group memberships.

Hope it helps.

Era
braker_
Frequent Contributor

Re: RSA SecurID - need some help

For clarification, when you set the RSA server as the authentication server, the AD server is not listed in the directory/attribute server drop-down?

 

Have you tried setting up an LDAP server instance that points to your AD environment as the directory/attribute server?

cryptochrome_
Contributor

Re: RSA SecurID - need some help

Yes, braker, exactly right. When selecting RSA as authentication server, I cannot select the AD server as directory/attribute server.

 

As for your other question: We have an additional LDAP server (pointing to a Novell eDirectory). I can select that as a directory/attribute server, but that's not what I need/want. I need the combination of RSA and Active Directory.

 

Thanks!

NateK_
Contributor

Re: RSA SecurID - need some help

We use Mi-Token in place of RSA and our setup looks like the attached.

 

This is under Users > User Realms > RealmName > General tab

 

Both of the authentication servers ('Active Directory' and 'MiToken') are set up under Authentication > Auth Servers

 

In our setup you authenticate via AD credentials first and then Mi-Token code.

 

RSA setup should be the same/similar.

filbert_
Frequent Contributor

Re: RSA SecurID - need some help

You can't use Native AD as an authorization server. It can only be an authentication server. If you configured AD using LDAP then you could use that as an authorization server.

cryptochrome_
Contributor

Re: RSA SecurID - need some help


@Filbert wrote:

You can't use Native AD as an authorization server. It can only be an authentication server. If you configured AD using LDAP then you could use that as an authorization server.


Ok. And that would give me the option to authenticate users against AD and then ask them for their SecurID Tokencode?

 

Why would native AD not work?

 

Thanks

Sascha

NateK_
Contributor

Re: RSA SecurID - need some help

I just took a gander at my AD auth server setup and it looks like a combo of AD action with LDAP for group searching.

 

Back to the OP, you should be able to get your IVE setup so that AD authentication happens first and then secondary authentication to the RSA device.

 

Basically - AD credentials entered by user, verified by AD servers, then RSA token code, verified by SecurID server.

 

Both AD and RSA will need to be set up as Auth servers on your IVE and you should be golden.
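The flow NateK describes has three distinct pieces that the IVE realm treats separately: a primary authentication server (AD password check), a secondary authentication server (RSA tokencode check), and a directory/attribute server that supplies the group attributes role mapping runs on. The following is an added Python model of that separation, written for this thread; it is not Pulse Secure or RSA code. Every server class, directory entry, user, password, token seed, group DN and role name in it is constructed for the example, and the HMAC-based tokencode is only a stand-in for a hardware token, not the SecurID algorithm.

```python
"""Model of a two-step realm login: password verified by the primary
authentication server, one-time tokencode by the secondary, then role
mapping driven by group attributes from a separate directory/attribute
server. Added illustration for the thread, not Pulse Secure or RSA code;
all data below is constructed."""
import hashlib
import hmac
import struct
import time

# --- constructed primary authentication server (stand-in for native AD) ---
AD_PASSWORDS = {"sascha": "Winter2024!", "nate": "Hunter2"}


def ad_authenticate(user, password):
    stored = AD_PASSWORDS.get(user)
    # constant-time compare so an unknown user and a wrong password fail alike
    return stored is not None and hmac.compare_digest(stored, password)


# --- constructed secondary authentication server (stand-in for ACE/SecurID) ---
TOKEN_SEEDS = {"sascha": b"\x01" * 16, "nate": b"\x02" * 16}
TOKEN_STEP = 60  # seconds per tokencode window (assumed; not RSA's scheme)


def tokencode(seed, now, step=TOKEN_STEP):
    """HMAC-SHA1 over the time window, truncated to 6 digits (assumed
    stand-in for a hardware token; not the SecurID algorithm)."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


def token_authenticate(user, code, now=None):
    seed = TOKEN_SEEDS.get(user)
    if seed is None:
        return False
    now = time.time() if now is None else now
    return hmac.compare_digest(tokencode(seed, now), code)


# --- constructed directory/attribute server (AD reached over LDAP) ---
LDAP_DIRECTORY = {
    "sascha": {"memberOf": ["CN=VPN-Admins,OU=Groups,DC=example,DC=com",
                            "CN=Staff,OU=Groups,DC=example,DC=com"]},
    "nate": {"memberOf": ["CN=Staff,OU=Groups,DC=example,DC=com"]},
}


def ldap_groups(user):
    """Group DNs the directory/attribute server reports for the user."""
    return LDAP_DIRECTORY.get(user, {}).get("memberOf", [])


# role mapping rules, evaluated in order: group DN -> role (constructed)
ROLE_RULES = [
    ("CN=VPN-Admins,OU=Groups,DC=example,DC=com", "Admin-Role"),
    ("CN=Staff,OU=Groups,DC=example,DC=com", "Staff-Role"),
]


def realm_login(user, password, code, now=None):
    """Returns (ok, roles, reason). Both authentication steps must pass
    before the attribute lookup and role mapping run at all."""
    if not ad_authenticate(user, password):
        return False, [], "primary (AD) authentication failed"
    if not token_authenticate(user, code, now):
        return False, [], "secondary (tokencode) authentication failed"
    groups = set(ldap_groups(user))
    roles = [role for dn, role in ROLE_RULES if dn in groups]
    if not roles:
        return False, [], "no role mapping rule matched"
    return True, roles, "ok"


if __name__ == "__main__":
    now = 1_700_000_000
    code = tokencode(TOKEN_SEEDS["sascha"], now)
    print(realm_login("sascha", "Winter2024!", code, now))
```

The point the model makes is the one filbert raised: the server that checks the password and the server that answers the group query are separate roles, and role mapping by group only works when something that can answer an attribute query (here, AD over LDAP) is wired in as the directory/attribute server.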

cryptochrome_
Contributor

Re: RSA SecurID - need some help


NateK wrote:

 

Both AD and RSA will need to be setup as Auth servers on your IVE and you should be golden.


Well it doesn't, at least not when AD is set up as "native", not LDAP. Can you confirm that your AD configuration is based on LDAP rather than a native AD connection?

 

Thanks