Each OAM SecurID Server must be registered as a separate agent with the RSA Authentication Manager. This provisions the OAM SecurID Server with its own node secret file. Every OAM SecurID Server must have its configuration file stored under $DOMAIN_HOME/config/fmwconfig/servers/$SERVER_NAME/oam.
If the RSA SecurID authentication plug-in returns an error, it is logged in the OAM Server log. Web Server logs can also provide clues as to what might be going wrong. Be sure the enable logging on your Web server.
If communication has been established between the Access Server and Authentication Manager, the sdadmin tool provides access to logs under the Report menu. Both Activity and Exception reports may give you helpful information.
Verify Authentication Manager Logging Configuration and Reports
Confirm that you have added the user and assigned a token using the Authentication Manager Administrator tool, sdadmin.
Verify that you have copied the sdconf.rec file to the OAM Server.
In the Authentication Manager console, Report menu, open Activity and Exception reports for helpful information.
Check SecurID Plug-In Parameters with Modified HTML Fields
If you have modified the HTML field names in the HTML forms, ensure that the RSA SecurID plug-in parameters are configured to match.
Remove the @ character From any Login Attribute Value
User login can fail if there is an at-sign (@) in the login attribute value. This is a known issue with SecurID.