7.0
- Deploying and Configuring Access Point
Procedure
1 After downloading the sdconf.rec file from the RSA Secure Authentication Manager server, use the following commands to change the file format into Base64 and convert that format to a one-line format that can be passed in a JSON string to the Access Point REST API.
  a Use a command such as the Linux base64 command to produce the Base64 encoding format for the sdconf.rec file:
    base64 sdconf.rec > sdconfBase64.txt
  b Use a cat command to convert the Base64 file to single-line JSON format:
    cat sdconfBase64.txt | tr '\n' '\\' | sed -e 's/\\/\\n/g'
2 Use a REST client, such as curl or Postman, to invoke the Access Point REST API and get the default RSA SecurID authentication settings.
  The following example uses a curl command. In the example, access-point-appliance.example.com is the fully qualified domain name of the Access Point appliance.
    curl -k -u 'admin' https://access-point-appliance.example.com:9443/rest/v1/config/authmethod/securid-auth
3 Paste the output of the cat command from Step 1 into the serverConfig field of a JSON request for enabling RSA SecurID authentication.
  The following properties are required. You can also change the defaults for the other properties.
{
  "enabled": "true",
  "name": "securid-auth",
  "numIterations": "5",
  "externalHostName": "10.20.30.40",
  "internalHostName": "10.20.30.40",
  "nameIdSuffix": "",
  "serverConfig": "OwYFI7owv5UrAdlfnOsW2 ... nVesmbkLRjNOYxqm"
}
In this example, the ellipsis (...) stands for the middle content of the Base64 sdconfBase64.txt file. The content must be in the one-line format that can be passed in a JSON string to the Access Point REST API.
Use externalHostName to specify the external address of the Access Point appliance that is specified in
the SecurID server's agent, and use internalHostName to specify the internal, static IP address of the
Access Point appliance.
Use numIterations to specify the number of attempts that are allowed for logging in. In this example, a
user is allowed 5 attempts to supply the correct SecurID code.
4 Use a REST client to get the default edge service settings for the Horizon server.
    curl -k -u 'admin' https://access-point-appliance.example.com:9443/rest/v1/config/edgeservice/VIEW
  This example specifies the VIEW edge service because for this release two-factor authentication is supported only if you use the VIEW edge service.
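Steps 1 and 3 can be scripted so that the serverConfig value is checked before it is pasted into a request. The following is an added example, not part of the original procedure or of Access Point; the function names are hypothetical, and it assumes a base64 command that accepts -d (GNU coreutils).

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of Access Point.

# Step 1: Base64-encode a file and join the lines with literal "\n"
# escapes, using the same tr/sed pipeline as the procedure.
encode_one_line() {
    [ -r "$1" ] && [ -s "$1" ] || return 1
    base64 "$1" | tr '\n' '\\' | sed -e 's/\\/\\n/g'
}

# Inverse of Step 1: expand the "\n" escapes and decode.
# Assumption: base64 accepts -d (GNU coreutils).
decode_one_line() {
    printf '%b' "$1" | base64 -d
}

# Step 3: print the request body. $1 = sdconf.rec path,
# $2 = externalHostName, $3 = internalHostName.
build_securid_body() {
    conf=$1; ext=$2; int=$3
    # Host values go into JSON strings unescaped, so refuse quotes and
    # backslashes instead of emitting a malformed body.
    case $ext$int in *\"*|*\\*) return 1 ;; esac
    one_line=$(encode_one_line "$conf") || return 1
    # The value must decode back to the exact input bytes; a mismatch
    # means the serverConfig string would be corrupt.
    decode_one_line "$one_line" | cmp -s - "$conf" || return 1
    cat <<EOF
{
  "enabled": "true",
  "name": "securid-auth",
  "numIterations": "5",
  "externalHostName": "$ext",
  "internalHostName": "$int",
  "nameIdSuffix": "",
  "serverConfig": "$one_line"
}
EOF
}

# Usage: sh build_securid.sh sdconf.rec 10.20.30.40 10.20.30.40
if [ "$#" -eq 3 ]; then
    build_securid_body "$@"
fi
```

Because the encoding is piped rather than written to sdconfBase64.txt, no intermediate copy of the configuration is left on disk.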