ACS 3.3, RSA Authentication Manager, Win2k3 AD

What is the best practice for implementing Cisco ACS 3.3, RSA, and Win2k3 AD?
We want to use this combo to authenticate our remote access clients. Our VPN/firewall box is an ASA5540.
Thx

Hi
You basically have 2 possibilities:
Possibility 1:
Use the ACS as the central AAA server and integrate all other authentication servers with the ACS.
The ACS supports different token servers / AD / RADIUS servers directly.
This is very smooth: you use the ACS to control all authentication requests from your network devices, TACACS+ or RADIUS.
There are some limitations, though: ACS only supports one AD domain and no trusts ... this can be painful.
Possibility 2:
Use the ACS as a RADIUS proxy server.
There is no "direct integration" with the other RADIUS servers, such as the ACE or the different ISA servers, but all clients can still use the ACS as their "AAA RADIUS server".
This requires separate configuration of all RADIUS servers, but it overcomes the limitation of the ACS support of Microsoft trusts.
It is possible to use a mixture of both scenarios, and you could use things like the domain suffix (everything behind @ in [email protected]) to decide which RADIUS server should do the authentication.
Hope This Helps
Greetings
Jarle
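
The mixed setup described in the answer above, where the domain suffix decides which server authenticates, sketched as an added example (not part of the original post and not Cisco ACS code). The realm names, server names and the table layout (suffix, action, target, strip flag) are assumptions made up for illustration.

```python
"""Realm-based AAA routing sketch (added example, hypothetical names)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    action: str            # "local", "proxy" or "reject"
    target: Optional[str]  # external DB for "local", upstream server for "proxy"
    username: str          # User-Name value handed to the target


# Constructed distribution table: realm -> (action, target, strip_suffix).
# "local" models possibility 1 (the single directly integrated AD domain),
# "proxy" models possibility 2 (forward to another RADIUS server).
PROXY_TABLE = {
    "corp.example.com": ("local", "windows-ad", True),
    "token.example.com": ("proxy", "rsa-radius.example.net", True),
    "partner.example.org": ("proxy", "partner-radius.example.net", False),
}

# Requests without any suffix go to the directly integrated AD domain.
DEFAULT_ROUTE = ("local", "windows-ad")


def route_request(user_name: str) -> Route:
    """Pick the authenticating server from the suffix after the last '@'."""
    # Refuse empty names and names carrying whitespace or control bytes
    # instead of passing them on to a backend.
    if not user_name or any(c.isspace() or ord(c) < 0x20 for c in user_name):
        return Route("reject", None, user_name)

    local_part, sep, realm = user_name.rpartition("@")
    if not sep:
        action, target = DEFAULT_ROUTE
        return Route(action, target, user_name)

    # Realms are DNS-style names: compare case-insensitively and ignore
    # a trailing dot.
    realm = realm.rstrip(".").lower()
    if not local_part or not realm:
        return Route("reject", None, user_name)

    # Exact match only. A plain endswith() test would let
    # "notcorp.example.com" ride on the "corp.example.com" entry.
    entry = PROXY_TABLE.get(realm)
    if entry is None:
        # Unknown realm: fail closed rather than fall back to the default.
        return Route("reject", None, user_name)

    action, target, strip = entry
    return Route(action, target, local_part if strip else user_name)


def route_all(names):
    """Route a batch of User-Name values; returns (name, Route) pairs."""
    return [(n, route_request(n)) for n in names]


if __name__ == "__main__":
    # Constructed sample User-Name values.
    samples = [
        "alice",
        "bob@TOKEN.example.com",
        "carol@partner.example.org",
        "eve@notcorp.example.com",
        "dave@",
    ]
    for name, route in route_all(samples):
        print(f"{name!r:32} -> {route.action:6} {route.target} as {route.username!r}")
```
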

Similar Messages

  • In RSA Authentication Manager 7.1, how to create multiple security domains

    Hi,
    RSA Authentication Manager 7.1 is configured with LDAP (Sun Java System Directory Server); how do I create multiple security domains in 7.1? Are these security domains related to LDAP?
    thanks

    I think what you need to do is create an identity sequence with RSA as the selection in Authentication and Attribute Retrieval Search List and AD in Additional Attribute Retrieval Search List. Then select this sequence as the result in the identity policy for the service.

  • ASA5540 ver.7.2(2) RSA Authentication Manager 7.1

    Good evening,
    I'm searching for documentation to verify whether my ASA appliance supports the RSA Authentication Manager 7.1 solution as a RADIUS server.
    I assumed that, with the RADIUS server authentication support provided by the ASA software, this is possible.
    I've also found an RSA SecureID Implementation Guide, which I've attached; this document covers the solution in conjunction with ASA ver. 7.0.1 and RSA Authentication Manager 6.1.
    I'm verifying this so that we don't have compatibility problems between the two brands in the future.
    Any information, link, or user guide is welcome!
    Cheers
    Davide Sacca'

    According to the ASA 8.0 documentation
    http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wp1057621
    SDI Version Support
    The security appliance supports SDI Version 5.0 and 6.0.
    If you configure the RSA device as an SDI server, you may have issues getting support, as 7.x is unsupported. If the RSA device is configured as a RADIUS device, you should not have a problem.

  • RSA Authentication Manager Connector 9.0.4

    Hi to all. I need to connect Oracle Identity Manager 11g with an RSA Authentication Manager 6.0. So, searching through Oracle website, I noted that with the newest version of the RSA Authentication Manager Connector (9.1.0.7.0) it is only possible to connect with an RSA 7.1 with SP3 or higher. Now my questions are:
    1. Where is it possible to download the older version of this connector?
    2. Even if I could download this older version (9.0.4), is it possible to get it to work with Oracle Identity Manager 11.1.1.5.2?
    Thank you in advance.
    Giuseppe.

    Older version connectors aren't available on Oracle web sites. You need to raise an SR through Metalink (support.oracle.com) and ask them for older versions.
    Refer to the certification matrix/compatibility section of the connector document to know if it'll work with Oracle Identity Manager 11.1.1.5.2.
    regards,
    Gp

  • RSA Authentication Manager connector exception with OIM 9.1.0.2

    Hi,
    I have installed RSA AM connector 9.1.0.7 on OIM 9.1.0.2 BP18 on Windows Server 2008 R2.
    When I run the RSA recon schedule task, I get the following exception:
    DEBUG,24 Feb 2012 12:11:13,227,[XELLERATE.ADAPTERS],Class/Method: tcADPClassLoader:findClass - Data: loading class - Value: org.iscreen.impl.xml.PositionContext
    ERROR,24 Feb 2012 12:11:13,229,[OIMCP.RSAM],====================================================
    ERROR,24 Feb 2012 12:11:13,229,[OIMCP.RSAM],oracle.iam.connectors.rsaauthmgr.usermgmt.tasks.RSALookupRecon : getGroups : An error occurred parsing the XML located at com/rsa/admin/SearchGroupsCommand_validators.xml. The location within the file is at /. The following was found that was in error: Unable to load/locate configuration file.
    ERROR,24 Feb 2012 12:11:13,229,[OIMCP.RSAM],====================================================
    ERROR,24 Feb 2012 12:11:13,230,[OIMCP.RSAM],================= Start Stack Trace =======================
    ERROR,24 Feb 2012 12:11:13,230,[OIMCP.RSAM],oracle.iam.connectors.rsaauthmgr.usermgmt.tasks.RSALookupRecon : getGroups
    ERROR,24 Feb 2012 12:11:13,230,[OIMCP.RSAM],An error occurred parsing the XML located at com/rsa/admin/SearchGroupsCommand_validators.xml. The location within the file is at /. The following was found that was in error: Unable to load/locate configuration file.
    ERROR,24 Feb 2012 12:11:13,230,[OIMCP.RSAM],Description : An error occurred parsing the XML located at com/rsa/admin/SearchGroupsCommand_validators.xml. The location within the file is at /. The following was found that was in error: Unable to load/locate configuration file.
    ERROR,24 Feb 2012 12:11:13,230,[OIMCP.RSAM],org.iscreen.impl.xml.XmlConfigurationException: An error occurred parsing the XML located at com/rsa/admin/SearchGroupsCommand_validators.xml. The location within the file is at /. The following was found that was in error: Unable to load/locate configuration file.
    at org.iscreen.impl.xml.XmlParser.getInput(XmlParser.java:215)
    at org.iscreen.impl.xml.XmlParser.parse(XmlParser.java:116)
    at org.iscreen.impl.xml.XmlServiceFactory.registerInclude(XmlServiceFactory.java:117)
    at org.iscreen.impl.xml.XmlServiceFactory.loadConfig(XmlServiceFactory.java:285)
    at org.iscreen.ValidationFactory.buildFactory(ValidationFactory.java:120)
    Any idea what may be the issue?
    Thanks.

    As per the given bug, it is looking for jars which are missing.
    Have you installed the connector using Deployment Manager? If yes, it copies the required jars to the target location. Verify this; if they are not there, copy the jars into the Scheduled Task folder.
    Check the document to see if any external jars are required and put them in the ThirdParty folder.

  • Configure Cisco WLC for RSA authentication

    Hi,
    I wanted to find out if it is possible to authenticate wireless networks using RSA. Currently we have a Cisco WLC 2504 and RSA Authentication Manager 7.1.
    Do we require a Cisco ACS device to make this work? Please advise.
    Thanks

    Yes, it is possible. Below is the list of items which you require to configure RSA authentication on the WLC:
    1. RSA Authentication Manager 6.1
    2. RSA Authentication Agent 6.1 for Microsoft Windows
    3. Cisco Secure ACS 4.0(1) Build 27
        Note: The RADIUS server that is included can be used in place of the Cisco ACS. See the RADIUS documentation that was included with the RSA Authentication Manager on how to configure the server.
    4. Cisco WLCs and Lightweight Access Points for Release 4.0 (version 4.0.155.0)
    For more information you can go through this link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008090399a.shtml

  • Need help for connecting in an RSA authentication agent

    I am not sure if this is the right place, but I was hoping I am lucky enough to find someone with knowledge about RSA or somebody who has experience in developing security pages.
    My problem is simple: how do I connect to an RSA Authentication Agent or RSA Authentication Manager?
    I was hoping you could paste an answer or paste a web address of a forum.
    This kind of question is very rare in forums, so I don't really have much choice. Any relevant answers are appreciated...
    Thank you

    Hi,
    What is the gateway used by Solaris. Please send the result of ifconfig -a on the Sun OS.
    Sunil.

  • RSA authentication MGR 8

    Hi all,
    I'm wondering if RSA Authentication Manager 8 is supported on a Cisco 5520 running 8.4?
    Thanks

    It's a little late to reply, but let's see where this issue stands.
    If it is still unresolved, can we check the "debug radius" and "debug aaa authentication" output for an attempt?
    Also, do you see any hits on the RSA Auth Manager? Please share what doc you followed to set up the same.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • OIM 11g - RSA Authentication Connector

    Hello,
    I need some information about RSA Authentication Manager connector.
    We use RSA for VPN access authentication and we would like to integrate it into OIM.
    I need to understand the capabilities of this connector such as provisioning and deprovisioning tokens and how to automate the distribution of soft tokens.
    Can anyone help me? Any docs or relevant links would help as well.
    Thanks,
    Bala

    Download the connector doc from the location below (RSA Authentication Manager):
    http://docs.oracle.com/cd/E11223_01/index.htm
    Otherwise, try to download the connector, extract it and open the connector doc (RSA Authentication Manager 9.1.0.7.0):
    http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html

  • RSA authentication with LDAP group mapping

    Greetings,
    I'm trying to set up RSA authentication with LDAP group mapping with ACS Release 4.2(1) Build 15 Patch 3.
    The problem I'm having is that my users are in multiple OU's on our AD tree.  When I only put our base DN in for User Directory Subtree on ACS, it fails with a "External DB reports about an error condition" error.  If I add an OU in front of it, then it will work fine.
    As far as I know, you can only use one LDAP configuration with RSA.
    Any thoughts on this?

    @Tarik
    I believe your suggestion is the only way I'm going to get this to work. I ran across a similar method just this week that I have been working on.
    I was hoping for dynamic mapping with the original method, but I haven't found any way to make it happen.  I have resorted to creating a RADIUS profile on the RSA appliance for each access group I need.  Using the Class attribute, I then pass the desired group name to the ACS, i.e. OU=Admins, and that seems to work.
    Thankfully, I have a small group of users that I am attempting to map.  I will only map those who need elevated privileges to narrow down how many profiles I will have to manually create.  Likewise, our Account Admin will have to determine who gets assigned a particular access group.
    I would still prefer to do this dynamically.
    Scott

  • Does ASA Support Android Hybrid RSA Authentication?

    Dear all
    Does ASA support Android Hybrid RSA authentication?
    How should I set up the ASA firewall so that it supports Android VPN Hybrid mode? My settings are below:
    tunnel-group IPsec_Hybird_Tunnel general-attributes
    default-group-policy Android_Hybird
    authorization-required
    tunnel-group Android_Hybird_Tunnel ipsec-attributes
    ikev1 pre-shared-key **********
    chain
    ikev1 trust-point CA
    ikev1 user-authentication hybrid
    tunnel-group Android_Hybird_Tunnel ppp-attributes
    authentication ms-chap-v2
    crypto ikev1 policy 10
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    When I debug, I find this message:
    %ASA-7-713906: IP = 1.1.1.1, All SA proposals found unacceptable

    I've managed to configure IPsec hybrid (Mutual Group Authentication) with the Cisco VPN client, which uses a pre-shared key and CA certificate as well as Xauth. When using "IPSec Hybrid RSA" on an Android device, my attempts to configure it on the ASA have failed.
    Log message:
    3  Jul 25 2013  20:39:54  713048  IP = 192.168.7.76, Error processing payload: Payload ID: 1

  • Error with RSA Auth Manager 9.1.0.7 User Recon OIM11g R1

    Hi,
    I'm trying to run the job RSA Auth Manager User Recon but I see this error:
    oracle.iam.connectors.common.ConnectorException:
    and in the server log I see this:
    [2013-03-06T18:46:37.994-05:00] [oim_server1] [ERROR] [] [OIMCP.RSAM] [tid: OIMQuartzScheduler_Worker-3] [userId: oiminternal] [ecid: 054e98bebda040d0:-14752791:13d415590eb:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] ================= Start Stack Trace =======================
    [2013-03-06T18:46:37.994-05:00] [oim_server1] [ERROR] [] [OIMCP.RSAM] [tid: OIMQuartzScheduler_Worker-3] [userId: oiminternal] [ecid: 054e98bebda040d0:-14752791:13d415590eb:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] oracle.iam.connectors.rsaauthmgr.usermgmt.tasks.RSAProxyUserRecon : getIMSCOREAttributes()
    [2013-03-06T18:46:37.995-05:00] [oim_server1] [ERROR] [] [OIMCP.RSAM] [tid: OIMQuartzScheduler_Worker-3] [userId: oiminternal] [ecid: 054e98bebda040d0:-14752791:13d415590eb:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] Index: 4, Size: 4
    [2013-03-06T18:46:37.995-05:00] [oim_server1] [ERROR] [] [OIMCP.RSAM] [tid: OIMQuartzScheduler_Worker-3] [userId: oiminternal] [ecid: 054e98bebda040d0:-14752791:13d415590eb:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] Description : Index: 4, Size: 4
    [2013-03-06T18:46:37.995-05:00] [oim_server1] [ERROR] [] [OIMCP.RSAM] [tid: OIMQuartzScheduler_Worker-3] [userId: oiminternal] [ecid: 054e98bebda040d0:-14752791:13d415590eb:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] java.lang.IndexOutOfBoundsException: Index: 4, Size: 4[[
         at java.util.ArrayList.RangeCheck(ArrayList.java:547)
         at java.util.ArrayList.get(ArrayList.java:322)
         at oracle.iam.connectors.rsaauthmgr.usermgmt.tasks.RSAProxyUserRecon.getIMSCOREAttributes(Unknown Source)
         at oracle.iam.connectors.rsaauthmgr.usermgmt.tasks.RSAProxyUserRecon.reconcileUser(Unknown Source)
         at oracle.iam.connectors.rsaauthmgr.common.util.RSARecon.getDetails(Unknown Source)
         at oracle.iam.connectors.rsaauthmgr.common.util.RSARecon.partialRecon(Unknown Source)
         at oracle.iam.connectors.rsaauthmgr.common.util.RSARecon.execute(Unknown Source)
         at oracle.iam.connectors.rsaauthmgr.usermgmt.tasks.RSAUserRecon.execute(Unknown Source)
         at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:385)
         at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:146)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:198)
         at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
         at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    [2013-03-06T18:46:37.995-05:00] [oim_server1] [ERROR] [] [OIMCP.RSAM] [tid: OIMQuartzScheduler_Worker-3] [userId: oiminternal] [ecid: 054e98bebda040d0:-14752791:13d415590eb:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] ================= End Stack Trace =======================
    [2013-03-06T18:46:38.045-05:00] [oim_server1] [NOTIFICATION] [IAM-1020005] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-3] [userId: oiminternal] [ecid: 054e98bebda040d0:-14752791:13d415590eb:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] Job Listener, Job was executed QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.RSA Auth Manager User Recon Name RSA Auth Manager User Recon
    Any idea? Thanks!

    Hi!
    I found the bug in metalink "Bug 10041190 GTC Recon Failed With new OIM UDF Attribute Map If Attribute Name Has Space"
    The workaround is: Don't use UDF's with a space in the attribute name.
    This issue is fixed in 11.1.1.3.2
    Thanks,
    Ariel

  • 802.1x authentication manager ..!

    Dear Team ,
    I have a misunderstanding about the dot1x authentication manager, so could someone help me understand these scenarios:
    1. Suppose I have a port configured to authenticate through dot1x first and fail over to MAB if dot1x is not successful. I have a phone and a PC behind it connected to the port, so logically dot1x should first start sending EAPOL requests and wait for 90 seconds; if the phone doesn't respond to this request, the port will wait some time and fail over to MAB. Is it possible to get a response from the PC first, or is it mandatory to get a response from the phone first? I mean, does the port block all data traffic until the voice traffic is authenticated? If so, and the phone is not authenticated at all, what happens to the data traffic? Suppose the phone sends its MAC address to the port and starts the MAB authentication process: if it is successful, the port will change to the authorization state. If it is not, and the MAB authentication fails, does the authentication manager process start from the beginning and run the 802.1x process again? Or will it assign the voice traffic to the restricted VLAN?
    2. In the reverse scenario, where the MAB authentication process runs first and fails over to the 802.1x process if authentication fails, the phone is authenticated successfully first. Does the port send a MAB request to the PC behind the phone, or does it send EAPOL directly to the PC? If the PC isn't authenticated, or the time expires before it sends its identity, does the port start the authentication process from the beginning by sending a MAB request to the PC, or does it stay stuck in the 802.1x authentication process? Does the port assign the data traffic to the restricted or guest VLAN? If I didn't configure any guest or restricted VLAN, what will happen?
    3. In both cases, if the port receives an EAP response back, does it stay stuck on 802.1x authentication for the data traffic when the PC responds and never fail over to MAB?

    Hi gents, one more thing:
    - If I enable dot1x on the port without configuring guest and restricted VLANs, what will happen when authentication fails?
    The port should be put in the unauthorized state, but to which VLAN should it be assigned?
    - If I enable the reauthentication feature without a failed-authentication VLAN, what will happen when the reauthentication timeout expires and the authentication process starts again with a failed authentication from the client? The port should shift to the unauthorized state, but which VLAN should be assigned? And does the authentication popup appear again on the client machine, or will the authenticator use the same cached authenticated credentials since the port doesn't receive any EAP logoff or link down? Does the reauthentication feature work with MAB, or only with dot1x authentication protocols?
    - What's the difference between authentication order and authentication priority?
    Thanks

  • Best Way To Setup SGD With RSA Authentication

    At the moment, I've got RSA Authentication working with SGD 4.60-911. Now under my setup, I've manually created a user profile and assigned a couple of Terminal Server sessions to it and everything is working. I'm not sure if this is the best or, more importantly, the most efficient way to be setting up users for SGD use.
    Is it possible to still have RSA Authentication in place and also have the SGD users profile being accessible from AD/LDAP queries? What I'm thinking is that I could set up a SGD "dial-in" group within AD and assign the users to it, again within AD. I could then assign the applications to that group within SGD and hence filter this down to the individual users. This would stop me having to create a SGD user profile for every user we want to access SGD.
    Hope this makes sense.
    TIA.

    The thing to understand about what Arno suggests is that the SecurID profile is not used at all.
    With third-party authentication, there are two stages: authentication (nothing to do with SGD) and search for an identity and profile (performed by SGD).
    Arno's posting tells you about the authentication set-up, and by the way, this is definitely the way to go because of the announcement here http://docs.sun.com/source/821-1928/z40000061616182.html
    The result of the authentication stage is a username, usually stored in the REMOTE_USER environment variable. All of this happens independently of SGD.
    With the search stage, SGD looks at the value of REMOTE_USER and performs a search for the user identity and user profile.
    How SGD does this is configurable, see http://docs.sun.com/source/821-1926/z400007d1322324.html#z400007d1323983
    The basic choice is to use LDAP or not.
    If you don't use LDAP, then the user profile is either a user profile object you have created specifically for the user or the default Third-Party Profile (in System Objects).
    If you do use LDAP, the user profile is either a user profile object you have created specifically for the user, an LDAP Profile object you create to apply settings to a group of users, or the default LDAP Profile (in System Objects).
    Note: you can enable both methods at the same time.
    If possible, use LDAP for the search stage. It reduces the number of user profile objects you need to create (you might not have to create any) and it means you can assign applications to users dynamically by searching the LDAP directory (less admin).
    Hope this helps.

  • Using ACS for Cisco Prime authentication

    I'd like to use our Tacacs server running ACS to be the authentication method for user accounts in Prime, but don't even know where to start with this..
    Any pointers?

    The configuration on the Prime Infrastructure side is minimal: define the authentication server Prime is to use and select a mode for Prime Infrastructure to use with it.
    Administration > AAA > TACACS+ Servers > add tacacs server.
    Administration > AAA > AAA Mode Settings > tacacs+ and enable fallback to local.
    The bulk of the configuration is on the authentication server side, particularly in defining groups, services and authorization tasks. This is covered in the "Performing Administrative Tasks" chapter of the Prime Infrastructure Configuration Guide, starting with the topic "Configuring ACS 5.x"
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/configuration/guide/admin.html#wp1595935
    "Configuring ACS 4.x"
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/configuration/guide/admin.html#wp1625896
    https://supportforums.cisco.com/docs/DOC-17909
    In case it doesn't work, please get the logs from the ACS reports and monitoring for TACACS authentication and the error message while accessing Cisco Prime.
    Jatin Katyal
    - Do rate helpful posts -
