If SecurID is installed on Windows, the adapter will interface with the apidemon that is shipped with the installed version of RSA ACE/Server. Copy the apidemon from the ACE/Server installation directory (by default, c:\ace\utils\toolkit\apidemon.exe) to c:\winnt\system32 or c:\windows\system32 Note that the RSA ACE 6.1 apidemon.exe is in the ACEInstallDir\prog directory.
The UNIX adapter uses the RSA ACE/Server Administration Toolkit TCL API. This API must be located in the ACEInstallDir/utils/tcl/bin directory. The value of ACEInstallDir is specified as a resource parameter. The toolkit must be configured as described in the Customizing Your RSA ACE/Server Administration publication provided by RSA.
In addition, ensure that the following conditions are true so that you can manage RSA Users and other ACE database objects through Identity Manager:
The SecurID user name specified in the Administrator Login (on the Windows adapter) or the Login User (on the UNIX adapter) resource parameter exists in the ACE/Server. If not, create an ACE user with the same default login name.
This SecurID user must login to the ACE/Server with a password instead of a tokencode. Set the RSA ACE Server user’s password to the same value specified on the adapter.
If the current RSA ACE Server system policy does not allow a password to be set using the characters you need (for example, an alphanumeric PIN), or if you need to change the default setting for user password expiration, edit the system parameters on the RSA ACE Server Database console.
A password changed through the RSA ACE Server administrator console is a one-time password that will expire the first time this user logs in. Use the RSA ACE Agent Test Authentication facility to login so that you can change the user’s password to one that will not expire immediately. Note that you may change it to the same value, so it’s still the same as the password specified in the resource adapter.
On Windows, an RSA ACE Agent Host must be added for the host where the Identity Manager gateway is running. This can be configured from the Database Administration - Host Mode console interface on the system where the RSA ACE Server is running. You must configure the DNS host name and network address, and you must specify which users have access. In addition, the agent type must be set to Net OS Agent.
If a SecurId group name or site name contains a comma, Identity Manager might not be able to parse the name correctly. Avoid using commas in SecurId group names and site names.