RSA SecurID IdP Adapter settings reference - PingFederate

RSA SecurID Integration Kit

bundle: pingfederate-rsa-securid-ik
ft:publication_title: RSA SecurID Integration Kit
Product_Version_ce
category: Administrator; Audience; ContentType; English; Integration; Language; Product; Productdocumentation; RSASecurID; integrationdocx; pingfederate
ContentType_ce: Integration; Product documentation

Field descriptions for the RSA SecurID IdP Adapter configuration screen.

Standard Fields
Field	Description
RSA Authentication Agent	The unique name that you entered in the Hostname field in Registering PingFederate as an agent in the RSA Security Console , such as `MyPingFederate`. PingFederate uses this to identify itself to the RSA Authentication Manager API. If you've integrated the Authentication Manager with the RSA Cloud Authentication Service (CAS), you can leave this field blank if you fill out the Assurance Policy ID field instead.
RSA Base API URL	The base URL of the primary RSA Authentication Manager including the hostname, port number and REST URL root path. For example: `https://RSA_Authentication_Manager_Hostname:REST_API_Port/mfa/v1_1`. The default REST API port is `5555`.
RSA Access ID	A unique string that the RSA Authentication Manager uses to identify individual REST API client. This is required if the security key type is HMAC.
RSA Access Key	A unique string that the RSA Authentication Manager generates and uses as a shared secret with REST API clients.

Advanced Fields
Field	Description
Use Custom Cipher Suites	Cipher suites are used to send information securely when the adapter makes TLS requests to RSA Authentication Manager. Cleared (default) – The adapter uses all cipher suites available to the adapter. For a complete list, see Enum CipherSuites in the OkHttp documentation. Selected – Restricts the adapter to the cipher suites entered in the Custom Cipher Suites field. This allows your organization to use only cipher suites that meet your unique security standards. Select this if your environment has special requirements. This check box is cleared by default.
Custom Cipher Suites	The cipher suites that the adapter uses when Use Custom Cipher Suites is selected. Separate multiple ciphers with a comma. For example, `TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256`. For a complete list, see Enum CipherSuites in the OkHttp documentation. This field is blank by default.
Challenge Retries	The number of failed user authentications after which the account locking service blocks future attempts. Note: To enable this feature, follow the steps in Account lockout protection in the PingFederate documentation. The default value is `5`.
Security Key Type	The method of security key authentication to use against the RSA Authentication REST API. If Access Key is enabled, the plain key will be used. If HMAC is enabled an HMAC calculated from the Access Key, a hash of the request body, the Access ID, and other request-specific information will be used.
Assurance Policy ID	The access policy name that's configured in the Cloud Administration Console. You can get the access policy name from your Cloud Authentication Service Super Admin. Note: If you're using the RSA Authentication Manager integrated with the Cloud Authentication Service, you must enter a valid value for either the Assurance Policy ID field or the RSA Authentication Agent field.
Logout Path	Path on the PingFederate server to end a user's IdP session. Must include the initial slash. For example, `/mylogoutpath`. The value is added to the following to create the logout URL: https://`pf_host`:`port`/ext This field is blank by default.
Logout Redirect	The URL that the adapter redirects the user to after they log out. Applies only when Logout Path is set above. When provided, this URL takes precedence over any Logout Template specified below. This field is blank by default.
Logout Template	HTML template to render after the user logs out. Applies when Logout Path is set above and Logout Redirect is blank. The template file must be located in `<pf_home>`/server/default/conf/template. The default value is: `idp.logout.success.page.template.html`
Authentication Context Value	Additional information provided to the SP to assess the level of confidence in the assertion. This value will override the default authentication context used by the adapter. This field is blank by default.
Verify HTTPS Hostname	When a connection is established with RSA Authentication Manager, PingFederate matches the target host name against the names stored inside the server's X.509 certificate. This security measure ensures that PingFederate is connecting to the correct server. This check box is selected by default.
Override Internal User ID	Allows you to specify a custom user identifier attribute for authentication with RSA SecurID. By default, the adapter takes the `username` attribute from the PingFederate authentication policy and uses it for both frontend display and backend authentication with RSA Authentication Manager. To use a different attribute for backend authentication, select this check box and enter the custom attribute in the Internal User ID Attribute field. Not selected (default) Frontend display: `username` Backend authentication: `username` Selected Frontend display: `username` Backend authentication: `<custom attribute>` Note: In either case, if no `username` attribute is available, the user-facing template shows an error. This check box is cleared by default.
Internal User ID Attribute	When Override Internal User ID is selected, this field determines the user identifer attribute used to authenticate the user with RSA Authentication Manager. The attribute must be available in the PingFederate authentication policy. The attribute name is case sensitive. This field is blank by default.
Test Username	The username that's used to test the configuration on the Actions tab.
Messages Files	Identifies the customizable language-pack file that the adapter uses. If you customize the rsa-securid-messages.properties file name in the /server/default/conf/language-packs directory, enter the new name here. The default value is `rsa-securid-messages`.
Error Message Key Prefix	Prefix for error messages in the language pack. The default value is `rsa.securid.error`.
API Request Timeout	The amount of time in milliseconds that PingFederate allows when establishing a connection with RSA Authentication Manager or waiting for a response to a request. A value of 0 disables the timeout. The default value is `5000`.
Proxy Settings	Defines proxy settings for outbound HTTP requests. The default value is System Defaults.
Custom Proxy Host	The proxy server host name to use when Proxy Settings is set to Custom. This field is blank by default.
Custom Proxy Port	The proxy server port to use when Proxy Settings is set to Custom. This field is blank by default.