Forum Discussion

Larson27's avatar
Larson27
Icon for Nimbostratus rankNimbostratus
Apr 21, 2015

APM - RSA SecurID & Active Directory...

Before I start - forgive me - I have been through just about every solution in DevCentral over the last couple of days - and I am flat stumped at this point.

 

I am aware that we we can get users to authenticate using RSA SecurID and AD. However, following the excellent directions given by many others, I seem to be missing something when setting this process up in our VPE. I've been banging my head on the desk for about 2 days on this...

 

Image 1 - The Policy (Built out in a Macro for purpose of images)

 

Image 2 - The Logon Page (Password and Passcode Fields)

 

Image 3 - Variable (AD to Passcode)

 

Image 4 - Variable (Passcode to AD)

 

I am hoping the images at least help my cause. I feel I am in the ballpark, but just missing that something, and hoping another set of eyes can put me over the top.

 

Thanks in advance!

 

DJL

 

APM
deployment
design
management
security
vpe

2 Replies

Sort By
  • Seth_Cooper's avatar
    Seth_Cooper
    Icon for Employee rankEmployee
    Apr 21, 2015

    Hi,

     

    How far do you get through the policy before it fails? I don't understand why in Image 4 you are setting the passcode to password as you do it in Image 3.

     

    Can you give us a little bit more details on the scenario and errors seen?

     

    Seth

     

  • Larson27's avatar
    Larson27
    Icon for Nimbostratus rankNimbostratus
    Apr 21, 2015

    Thanks!

     

    This is a FirePass migration to APM - so this was a non-issue on the FirePass as several have stated before. When I use an Admin account with the AD Password it fails at RSA Authentication. When I use an Admin account with RSA SecurID it authenticates without issue

     

    My thought process was as such (also compiled from several other threads here) User logs in with Password, or Passcode It authenticates where needed AD Query leads to AD Group Assign - Several Network Access groups are assigned to this customer - hence the AD Group Assign is needed. My thinking was that using the variables, I would need to get the Passcode back to a Password in order for the query to happen - and assign the correct network access.