CA Identity Manager Connector Guides › Connectors Guide › Connecting to Endpoints › RSA ACE (SecurID) Connector › RSA Installation

RSA Installation

This connector is managed using the Connector and agent installation process. For more information and requirements, click here.

This connector can also be managed using the Connector and C++ Server installation process as well.

The following sections detail the post installation and configuring requirements for this connector.

RSA Post Installation Requirements

The following must be done after the connector installation:

• The user named SYSTEM must be added to the Primary RSA ACE/Server and registered as an Administrator.
• CAM CAFT service must be configured on the Primary RSA/ACE Server. For more information, see the following section.
• The RSA Authentication Manager 5.x and higher Administration Toolkit must be installed on the Primary RSA ACE/Server. For token management, the 6.1 Administration Toolkit is required.
• If you plan to install the RSA remote agent on Solaris 8 or 9, you may be required to tune certain kernel parameters if the values are set lower than required. If this is necessary you are notified by an error message during the install. For further details, refer to the readme_install.txt file, found in:

  /<install path>/RemoteAgent/RSA/solaris/ecs-installation" 
  

RSA Limitations

For this release, the following limitations should be considered when using the RSA Connector:

• If the PIN change option is selected for an eTPassword change event propagation, only numeric values for the password change event will be accepted regardless of the PIN options settings specified in the System Parameters of the RSA ACE/Server Administration Tool. This limitation is due to handling of the PIN change by RSA Administration Toolkit function Sd_SetPin(). This restriction is also imposed by the type of the devices (like RSA SecurID PINPAD Token) that are not allowed the use of alphanumeric PINs.
• Management for multiple tokens is not supported. The Agent component processes modify requests for token objects one at a time.
• The assignment of the tokens to the accounts created for global users cannot be done using the RSA Account Template. A token cannot be associated with more than one user at the same time. To do this, you must create the accounts first and then assign tokens using the RSA Connector GUI or RSA native administration tools.

Install the RSA Remote Agent

To install the RSA Remote Agent, follow this procedure.

To install the RSA Remote Agent

1. Locate the Provisioning Component installation media.
2. Run the RSA installer from the following locations:

• For Windows

  RemoteAgent/RSA/setup.exe
  

• For Solaris

  RemoteAgent/RSA/setup
  

Answer the questions to provide information about your system.

How to Configure the CAM and CAFT Service

Install the RSA Remote Agent and configure the CAM and CAFT Service on any RSA ACE/Server machine that you want to administer.

To configure the CAM and CAFT Service, perform the following procedure.

From the RSA ACE/Server machine

1. Log on as the domain or local administrator
2. Issue the following command from a command window:

   cafthost -a RSA_node_name
   

   RSA_node_name

   Specifies the name of the Connector Server.

   Note: If the Connector Server is networked using DHCP or you do not use DNS for name resolution, the network name will not be recognized. Under these conditions, use the TCP/IP address for the RSA ACE node name or add an RSA ACE node entry in the local hosts file on your RSA ACE/Server machine.

3. Verify this command by issuing the following command:

   cafthost -l 
   

RSA Support for FIPS and IPv6

For this release of CA Identity Manager, the RSA Connector does not support FIPs or IPv6.