Configuring RSA SecurID Support on an Existing Site
EFT can be configured for RSA SecurID authentication via either Native SecurID protocol or RADIUS. (Requires AAMM.) To configure RADIUS on a new Site, refer to Defining Connections (Sites). For more information before configuring, refer to RADIUS for User Authentication.
To configure EFT for RSA SecurID
-
If you are using the RSA Native SecurID protocol, use the RSA Security Console to generate the sdconf.rec configuration file, then copy the file to a location on EFT (typically %windir%\system32).
-
Log in to the EFT administration interface and click the Site node for which you want to enable RSA SecurID.
-
Click RSA SecurID and then click Configure. The RSA SecurID Authentication Settings dialog box appears.
-
The RSA SecurID Authentication Settings dialog box is available from each Globalscape, AD, LDAP, or ODBC-authenticated Site. The dialog box allows you to specify the location of the RSA Server configuration file.
-
Click the folder icon to specify the location of the RSA Server configuration file (sdconf.rec). Note that SecurID files will reside in this location. Node secret and sdstatus.12 files will be generated at this location. When configuring RSA in an HA environment be sure to have the sdconf.rec file store locally for each node. Each node MUST have its own copy of sdconf.rec.
-
Click OK.
-
Click Apply to save your settings.
-
Click Yes to restart the Site.
RSA SecurID uses a “sdconf.rec” file to configure itself as an authentication agent. Upon initial connection to the SecurID server (the first authentication attempt), a "shared secret” is established between (the Authentication Agent (EFT) and the RSA SecurID server. EFT saves this secret in the same path as the Site's “sdconf.rec” file. If you clear the node secret in RSA SecurID, you will need to clear the secret on EFT, or it will be unable to establish a new one with the server. While the service is stopped, delete the “sdstatus.12” and “securid” files that EFT created. When you restart the service, a new secret is established.
When using HA, you need to specify a unique location (local) for the log files. This is for troubleshooting purposes (to know on which node the issue occurred). Also, having two nodes write to the same file causes issues with file locking, which will cause data in the logs to be lost. For visibility into node status, enable cluster logging. Logging.cfg has new logging options specifically for HA. When configuring RSA in an HA environment be sure to have the sdconf.rec file stored locally for each node. Each node MUST have its own copy of sdconf.rec.
Related Topics