I would like to set up our SA 4000 v. 6.5 R7 with RSA SecurID 7.1 appliance for users to VPN in and I would like to have dual authentication. First I would like it to prompt for their Active Directory username/password, then the RSA passcode from their key fob. The RSA appliance can now see the list of user accounts via the LDAP integration, which was successful.
Any suggestions are greatly appreciated.
You want to do primary authentication with AD and secondary authentication with RSA SecurID. Should be no problem. Pretty sure there is an option to enter the AD password and RSA passcode on the same page, or to do AD authentication first, and then forward you to a second page to do the RSA authentication. Read up on "secondary authentication" in the Admin Guide.
That should be an easy one.
Which protocol are you using for authentication on the RSA appliance? I suppose it is RADIUS?
In that case, create two auth servers: one LDAP and one RADIUS, specifying the details upon creation (like IP, base DN, etc.),
and create a realm having your two servers in there.
As soon as you have that, you can modify the sign-in page to display whatever you want to put in front of the fields to be descriptive for your end users. For example, you could modify the token field as 'Token Code' and the LDAP Password as 'Domain password'.
Let me know if you have additional questions.