Because the RSA C API on UNIX is not supported, enabling pass-through authentication with the SecurID ACE/Server UNIX adapter is not a straightforward process. Performing pass-through authentication on this adapter requires the following interactions between components:
Identity Manager <--> SecurID Unix Resource Adapter <--> SecurID Windows Adapter <--> Sun Identity Manager Gateway <--> RSA ACE Agent for Windows <--> RSA UNIX Server
Note the following configuration and implementation points when enabling pass-through authentication with the SecurID ACE/Server UNIX adapter:
The Sun Identity Manager Gateway and the RSA ACE Agent Host must reside on the same Windows host. See the Resource Configuration Notes section for more information.
If the UNIX RSA server lists itself as a client, the account used to authenticate users must be defined on the UNIX resource. See the Resource Configuration Notes section for more information.
You must specify a value for the ACE Server Authentication Resource resource parameter in the SecurID ACE/Server UNIX adapter. This value must match a resource name specified in a valid SecurID ACE/Server (for Windows) adapter.
SecurID’s authentication policies require that the UNIX SecurID server be aware of the RSA ACE Agent for Windows. The sdconf.rec file must be present and configured correctly on the Windows host.
The RSA ACE Agent for Windows must be activated for users attempting to use pass-through authentication.
Identity Manager must be configured to use the SecurID ACE/Server or SecurID ACE/Server UNIX login module.
Candidate users for authentication must be configured with an Identity Manager role and organization.