
Cisco ACS 5.1 and RSA Authentication Manager 6.1

vanamsreekanth
Level 1

Hi All

We recently got a Cisco Secure ACS 1120 and I upgraded the appliance to 5.1 from 5.0 with all your support.

Now I need to integrate Cisco ACS 5.1 with RSA Authentication Manager 6.1. I successfully downloaded the config file from the RSA ACE Server and exported it into the ACS 1120.

I also added ACS as a NetOS Agent in the RSA Server; during the process I found a few warnings. The ACE Server is not able to resolve the IP address to a name (is it necessary?).

I haven't created any secret key file for communication between ACS and RSA, and the encryption I used is DES.

Now when I log into ACS and search for devices in the Identity Store Sequences, I am not able to find the RSA Token Server.

Kindly let me know what went wrong and where I can correct it, and also please tell me how communication between RSA and ACS happens.

Hoping you guys help me as usual when I am in an emergency....

Sree

1 Accepted Solution


Were you successfully able to create the RSA identity server? After you selected the sdconf.rec and pressed Submit, what happened? Did the RSA instance get created OK?

If you go to Users and Identity Stores > External Identity Stores > RSA SecurID Token Servers, what do you see in the list?


jrabinow
Level 7

You need to first create the RSA identity store. Go to Users and Identity Stores > External Identity Stores > RSA SecurID Token Servers and press Create.

You need to import the sdconf.rec file that was created on the RSA server when the ACS was defined.

After the RSA server instance is created, it can then be selected as the result in an identity policy and will be accessed for authentication.

Hi Rabinow,

I also did it and successfully exported the sdconf.rec file to ACS; even then I am unable to see the External Database in the Identity Sequence.

Sree

Were you successfully able to create the RSA identity server? After you selected the sdconf.rec and pressed Submit, what happened? Did the RSA instance get created OK?

If you go to Users and Identity Stores > External Identity Stores > RSA SecurID Token Servers, what do you see in the list?

Hi Rabinow

I am able to see the RSA Secure ID Server in the External User Database, but I am not able to see it in the Identity Sequence...

I am not sure whether these devices are integrated or not. How can I test it?

Sree

I think I may see your problem. When you go to the Identity Sequence you see the list of databases that are available for attribute retrieval. RSA is not included in this list since there are no attributes retrieved from RSA.

However, you should see two check boxes under the authentication method list. Password based should be used if, like in this case, you use password based authentication against an identity store. Select the Password based option and you should see the RSA identity store listed in the set of available stores for authentication.

Jonny

Hi Jonny

So kind of you. Now I am able to see the RSA Database in the Identity Stores.

Can you please let me know how I can use the Password Authentication to be redirected to the RSA Server when I add a user in the ACS Database?

Sorry for troubling you. I am new to the GUI feel of ACS 5.1; also let me know of any relevant documentation for the stuff.

Thanks

Sree

Sree

ACS 5.1 uses a policy/rule based mechanism for processing requests and eventually assigning permissions. For you to successfully use ACS 5.1 it will be important that you have a good handle on how this works. There are some good resources on the Welcome page, including a video.

I am guessing you may still have the default policy settings as defined in system installation. If so, you can select the identity store at one of the following links:

RADIUS: Access Policies > Access Services > Default Network Access > Identity

>>> Press 'Select', select the RSA database and then 'Save Changes'

TACACS+: Access Policies > Access Services > Default Device Admin > Identity

>>> Press 'Select', select the RSA database and then 'Save Changes'

Identity Sources are selected as the results of policies in order for ACS to access them when the corresponding rule is matched. Identity Sequences are only used when selected as the result of an identity policy.

Jonny

Hey Jonny

Thanks for your support and time.

I will carry out a test today and let you know what the result is.

Sree

Hi All

I am again unsuccessful with the test. Can anyone send me the example configurations that should be done on Cisco ACS 5.1 and also in the Cisco RSA Authentication Manager as well, so that I can follow the steps easily?

The questions I have are:

1. Do I need to add the username of the user in the internal user database of ACS and also in RSA to get the authentication success?

2. What should the ACS consider if there is an authentication failure: "User not Found" or "Auth Failure"?

Thanks in advance.

Sree

alwyncoetzer
Level 1

Hi Sreekanth

Were you able to sort out this issue, and did you manage to find any documentation to help you with the Cisco ACS 5.1 and RSA Authentication Manager 6.1?

I am currently doing the same setup and am not 100% sure how to go about this.

Cheers

Al