AP 1200 and RSA Secure ID

I know a RSA secure ID radius server be used to authenticate to the 1200 access point, and we have to use PEAP. I want to know how does that work... is there a separate pop-up to authenticate to the wep and then the login to the active directory?
Can someone link me to a CCO document which gives me a good reading on the topic?

You might want to check out:
http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_WLAN_PEAP_ACE5.pdf

Similar Messages

  • RSA Secure ID ACE/Server and gateway  IDM

    Hi all,
    we are trying to integrate and RSA server with IDM 6.0SP2.
    I do not understand this phrase on resource references doc.
    If SecurID is installed on Windows, the Identity Manager gateway must be running on
    the same system where the RSA ACE/Server is installed.it means that the gateway from RSA server must run on the same server where is running RSA ?
    Someone has integrated the appliance RSA installing on it the gateway ?
    Thanks,
    mazant

    The port should be 9278. Enable the gateway trace and see if it is logging anything to the trace file.

  • MD5 and RSA - Slow performance  - Help / Views Required

    Hi,
    I am facing a problem while signing a message.The
    scenario is:
    I have to create 20,000 messages to be sent to
    clients. I am encrypting the message using MD5 and
    RSA.
    But when i am encrypting via RSA it takes about 20
    mins to encrypt the 20k messages.I dont know why its
    taking so much time. I have max 4-5 mins to manipulate
    and send messages. The sample code is as follows:
    ur earliest help will be quite helpful.
    Thanks in advance
    Hassan
    ************** Source Code ****************
    import java.io.IOException;
    import java.math.BigInteger;
    import java.security.KeyFactory;
    import java.security.MessageDigest;
    import java.security.Signature;
    import java.security.PrivateKey;
    import java.security.spec.RSAPrivateKeySpec;
    import org.apache.log4j.Logger;
    public class Signer {
    ******************************************

    Hi Sabre,
    I have compiled the simple code from JCE tutorial for DES. The output text it is showing is different than input text.
    Is there any problem going on in tutorial's example ?
    Regards
    Hamid
    ******** output **************
    the original cleartext is: [B@13a328f
    the encrypted text is: [B@337838
    the final cleartext is: [B@119cca4
    ******** Code ************
    public class jCypher {
    private static Cipher desCipher = null;
    public static void main (String[] args) throws NoSuchAlgorithmException,
    InvalidKeyException, IllegalBlockSizeException, NoSuchProviderException,
    BadPaddingException, NoSuchPaddingException, Exception
    //Creating a Key Generator and Generating a Key
    //public static KeyGenerator getInstance(String algorithm);
    KeyGenerator keygen = KeyGenerator.getInstance("DES");
    SecretKey desKey = keygen.generateKey();
    // Creating a Cipher
    // Cipher.getInstance(Transformation);     
    // c1 = Cipher.getInstance("RSA/ECB/PKCS1Padding");     
    desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
    // Cipher.init(int opmode, Key key);
    desCipher.init(Cipher.ENCRYPT_MODE, desKey );
    // Cleartext
    byte[] cleartext = "This is small Text for testing".getBytes();
    System.out.println("the original cleartext is: " + cleartext.toString());
    // Encrypt the cleartext
    // encrypted or decrypted data in one step (single-part operation)
    // public byte[] doFinal(byte[] input);
    byte[] ciphertext = desCipher.doFinal(cleartext);
    System.out.println("the encrypted text is: " + ciphertext.toString());
    // Initialize the same cipher for decryption
    desCipher.init(Cipher.DECRYPT_MODE, desKey );
    // Decrypt the ciphertext
    byte[] cleartext1 = desCipher.doFinal(ciphertext);
    System.out.println("the final cleartext is: " + cleartext1.toString());
    } // End main()
    }

  • Simple Plug and Play Secure Wireless?

    I am trying to setup a simple way to have wireless users on our network be able to connect to our access points, authenticate to our ACS Server (Cisco Hardware ACS applicance) but without having to go through special configurations on the client. This needs to be secure too and not easily broken. We are using Cisco 1200 and 1300 802.11G AP's and the clients vary from having integrated wireless NIC's to running Cisco Wireless cards, to running other branded cards. We are currently using PEAP, but it is time consuming to configure and sometimes confusing to the users. I was thinking of switching to open authentication on a isolated subnet and using a Cisco BBSM (Building Broadband Service Manager) to securely connect to our network, but Cisco just made this device end of sale, end of life, so I'm hesitant to go this route. WPA/WPA2 or some of the other PEAP/EAP/LEAP are configuration intensive too. Any suggestions? Does cisco have anything to replace the BBSM? What about PPOE? Would this be an alternative? Can I use a router or firewall to terminate these connections or would I need a specialized server or other device? I really need a simple way to securly connect end users to our wireless network without any undue configuration on their end.

    Probably the easiest would be to keep the wireless communications open, and use a VPN concentrator running to an SSL VPN client on the laptops/pcs.
    All they'd have to do is aim their browser that the VPN gateway, and allow the SSL client to be downstreamed to their computer.
    Beyond that, use your BBSM proxy or provide user auth at the VPN concentrator.
    Leave the SSID in broadcast mode ("guest").
    With this system, most clients can find the wireless system (SSID broadcast), the encryption via the SSL VPN is very strong, and there'd be no real configuration for the clients. Just aim the browesr at the VPN gateway/concentrator and enter the username and password.
    Also, make sure you enable "Public Secure Packet Forwarding" (PSPF) to prevent one client from attacking other clients on te wireless LAN.
    Users that use the system on a regular basis could get / use certificates for authentication. If they're on the system a lot, then the minor grief of setup would be worth it.
    The SSL client uses Java, I believe, so it should be fairly universal (i.e., not platform specific). I haven't tried te SSL client n any system other than MS Windows so I can't really comment on *nix or Mac.
    The SSL gate ( 3000 series) that we use for our Lab access seems to work pretty well.
    Good Luck
    Scott

  • ACS 4.2 with multiple RSA secure ID token servers

    Hi all,
    I have a question which I couldn't find an answer to so far.  Below is a very brief explaination of what I have and what I need to do.
    What I have:
    1- An ACS 4.2 server installed on win 2003 with RSA agent installed.
    2- A RSA Secure ID Token Authentication manger 7.1
    The problem:
    Due to lost RSA master password I am unable to back the DB up and upgrade RSA AM 7.1 to 7.1 SP4.
    So far all the solution I have found and been told to do by RSA support have not enabled me to recover the lost password.
    What I want to do:
    I want to install a fresh copy of RSA AM 7.1 SP4 on Win 2008 R2
    Since I can't make a DB backup from the running RSA, once I install the fresh copy I will migrate users one by one
    My question:
    This is a very busy production environment and users can't tolorate down time at all.
    I need to keep everything running, I need to know if it is possible to have 2 RSA data sotres setup within ACS 4.2 or not?
    And if so, will migrated users to the new RSA installation be still able to authenticate or not?
    Can ACS send multiple authentication request simultaneously or not? And what happenes if a user is present in both instances of RSA, old and new?
    Thanks,
    Khash

    I have this setup and working. Set up an external database connection on the ACS for a RADIUS server (not RSA) and setup your RSA server with the RADIUS shared secret. Check IP connectivity between both,and make sure that the RSA server is the first database to be queried. Here you are just using Radius to pass through the auth from the ACS to the RSA server.

  • RSA Secure ID - seed file query

    Hello!
    I had to come to Microsofts forum for help, as the company behind RSA don't have support for ''non-enterprise'' (coined) customers. 
    My company installed RSA Secure ID so I can generate a ''soft token'' to log onto my companies Citrix apps, and open CRM software etc.  
    This soft token works with a ''seed file'' that my company gives me, that is unique to a serial number that RSA generates based on my unique PC. 
    My question is this; I know that the seedfile I received is bound to my hard drive as the software generates a unique serial number for
    every install, and it pertains to the hardware (and perhaps bound to the motherboard also)
    I'm wondering that if I need to re install Windows 8.1 (eg
    system image restore)  onto the same hard drive, for whatever reason, will the serial generated by my hard drive be the same
    and therefore allow me to use the seed file my company supplied me, that is dedicated to the serial number.   For example, restoring from a system image.  
    I have no idea if any users would know this outside of EMC (company behind RSA)  but, even my IT dept. in my company don't know!
    And I don't want to ''test'' this scenario out, for the fear I won't be able to work!
    Any help from IT pros/power users would be fantastic. 
    Cheers!

    The problem could be with your Secure ID RSA server.

  • Reset RSA Secure ID pin using API

    hi
    I need to reset the RSA secure ID pin for a user using the OIM API's. Has anyone worked on the same , if so, please guide me on this.
    Thanks,
    Anuj.

    Patrick,
    We have a 3rd party API to integrate 9iAS components (including Portal) with other authentication servers. For 9iAS R2, it's described in the SSO admin guide http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/manage.902/a96115/tpsso.htm#1005152
    (and the same API also exists for 9iAS 1.0/Portal 3.0).
    I've heard of folks using this API to integrate custom SSO servers, biometric systems, RADIUS servers, etc.. I am curious if anyone out there has used the API with SecureID.
    -Lee

  • Direct Access and RSA

    Does DirectAccess collaborate with RSA?
    Tnx!

    Hi Doran,
    Thanks for posting here.
    Here is the extract from article “DirectAccess FAQ” might answer your question :
    Q.  I use a security token as my second authentication factor today. Can that be used with DirectAccess?
    A.  To enforce multi-factor credentials for intranet access, DirectAccess requires the Active Directory domain controller to mark the Kerberos token with
    a Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) indicator. Other two-factor authentication methods that are used for traditional VPN connections, such as using an RSA Secure ID token, do not perform an Active Directory-based authentication
    with PKINIT and cannot be used for DirectAccess multi-factor authentication.
    DirectAccess FAQ
    http://www.microsoft.com/windowsserver2008/en/us/directaccess-faq.aspx
    Thanks.
    Tiger Li
    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact
    [email protected]
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Hi i got a new airport express for christmas and i set it up as per instructions ,i even give a static ip and wpa2 security ..the problem is is when i come to want to use it it says its not on my network and a orange triangle shows .when i reboot it works

    hi i got a new airport express for christmas and i set it up as per instructions ,i even give a static ip and wpa2 security ..the problem is is when i come to want to use it it says its not on my network and a orange triangle shows .when i reboot it works..then if i leave it a while and try iy agian its disapeared of my network...i have a bt hub 3 ....any help please ..im not sure if itsa faulty express

    I really don't have an answer for that one. I guess that while trying to get things working correctly, I would use the most basic monitor I had which in your case would be the Eizon using the Thunderbolt port and adaptor.
    When you boot into Safe Mode the startup is quite slow, but you should get the Apple logo and then the spinning gear below it (release the SHIFT key when it appears.) Then after a little more time you should see a gray progress bar appear below the spinning gear. When that disappears the computer will startup to a login screen.

  • My ipod wont let me buy apps etc... keeps saying this is the first time this device has been used and to sign in and answer security questions. I have had this account for years but cant remember the answer to the security questions. How can i fix it?

    My iPod touch wont let me buy anything, i've beem using this account for a couple of years and now it says that this is the first ime this id has been used on my device... it's not.... and to sign in and answer security questions. i cant remember the answers to the questions. How can i fix this without making a new account and losing all my stuff???

    From a Kappy  post
    The Three Best Alternatives for Security Questions and Rescue Mail
       1. Use Apple's Express Lane.
    Go to https://expresslane.apple.com ; click 'See all products and services' at the
    bottom of the page. In the next page click 'More Products and Services, then
    'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
    ID security questions' and click 'Continue'. Please be patient waiting for the return
    phone call. It will come in time depending on how heavily the servers are being hit.
    2.  Call Apple Support in your country: Customer Service: Contact Apple support.
    3.  Rescue email address and how to reset Apple ID security questions.
    A substitute for using the security questions is to use 2-step verification:
    Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

  • I have forgotten my Apple ID and my security question. How can I change it. When I try to verify it through email it never goes through...

    I've forgotten my Apple ID and my security question. I've tried to receive the Apple ID through email but I never receive the email.

    The Best Alternatives for Security Questions and Rescue Mail
        a. Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
        b. Call Apple Support in your country: Customer Service: Contact Apple support.
        c. Rescue email address and how to reset Apple ID security questions.

  • HT201269 When I try to setup my new iPad air, I go through all the steps for the iCloud sign-in and choosing security questions and what not. But after I hit the agree to the terms and conditions... It says Apple ID could not be created because of a serve

    When I try to setup my new iPad air, I go through all the steps for the iCloud sign-in and choosing security questions and what not. But after I hit the agree to the terms and conditions... It says Apple ID could not be created because of a server error. Have no clue what to do... I've restarted the iPad and get the same message. But my internet works just fine.

    1. Turn router off for 30 seconds and on again
    2. Settings>General>Reset>Reset Network Settings

  • Secure and non-secure access to the web application in one war

    Say we have one web application (in one war) which includes JSP, servlets and the security intercepter. There is one business requirement to have most of the JSP(s) accessed via HTTPS, but a few JSP(S) accessed via HTTP.
    My questions are:
    a. Is this possible, or a reasonable requirement or a good practice?
    b. if yes, what can we do to make it happen in the security intercepter implementation?
    c. If not, what is the technical reasons?
    Thanks much.

    a) Yes its is reasonable and good practive, there is an overhead using https, so you should only encrypt file you need to. When you use an online store, only account details / payments are https, the shop itself is http
    b) I dont really understand your difficulty. You can define a folder as 'secure' and put all your secure pages in this folder, leaving non secure files in a different folder. Whenever a page in the secure folder is accessed, https is automatically invoked.

  • I think my other account is hacked and the hacker changed the password and the security questions and i can't retrieve it , so does anyone know how to have a live (online) conversation with a senior or an apple employee responsible for such problems ?!

    Please help me because it's not the first time the account has been hacked, every time i found out that it was hacked i changed the password, but this time it is not easy because he changed the alternative email-adress and the security questions.

    Call the Apple support phone number for your country:
    http://support.apple.com/kb/HE57
    and the 1st tier agent should be able to assist you or transfer your call to the Account Security team.
    Regards.

  • HT204053 i want to change my icloud id on my iPhone, but it won't let me now that i have upgraded.  I no longer have the password and the problem is It is using an old id which the email isn't valid and the security question does not think my birthday is

    I want to change my icloud id on my iPhone, but it won't let me now that i have upgraded.  I no longer have the password and the problem is It is using an old id which the email isn't valid and the security question does not think my birthday is valid.  I cannnot delete the account because "find my iphone" wants the password linked to this old account.  But when i go into the find my iphone app it is using my corect Apple ID.  How do i fix this?

    If you still have access to your old email address, go to https//appleid.apple.com, click Manage my Apple ID and sign in with your iCloud ID.  Tap edit next to the primary email account, tap Edit, change it back to your old email account and verify it.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iPhone on your device. Then go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https//appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  You can now go to Settings>iCloud and sign in with your correct iCloud ID and password.
    If you don't have access to your old email address, you will have to contact Apple to have them reset the password so you can disable Find My iPhone and sign into your iCloud account.  You can either go to https://expresslane.apple.com, select "More Products and Services", then "Apple ID", then  on the next page select "Other Apple ID Topics", then "Lost or forgotten Apple ID password" and click "Continue"; or you can contact Apple Support (http://www.apple.com/support/icloud/contact/).

Maybe you are looking for