Note: The LoadMaster can only use one RSA server at a time.

In the LoadMaster Web User Interface (WUI), follow the steps below:

  1. In the main menu, select Virtual Services and Manage SSO.
    Note: For steps on how to configure an SSO domain and ESP, refer to the ESP, Feature Description document.

  2. Click Modify on the relevant SSO domain.

  3. Select RSA-SecurID as the Authentication protocol.
    Note: It is also possible to select RSA-SecurID and LDAP as the Authentication Protocol. If this is selected, the LDAP Endpoint will also need to be selected.
  4. In the RSA-SecurID Server(s) text box, enter the address(es) of the RSA-SecurID server(s) that are used to validate this domain.
  5. Click Set RSA-SecurID Server(s).
  6. In the RSA Authentication Manager Config File field, click Choose File.
  7. Browse to and select the file exported in the Export the Authentication Manager Configuration section.
  8. Click Set RSA AM Config.
  9. Enter the login domain to be used in the Domain/Realm text box.
    Note: This is also used with the logon format to construct the normalized username, for example:
      - Principalname: <username>@<domain>
      - Username: <domain>\<username>
    Note: If the Domain/Realm field is not set, the Domain name set when initially adding an SSO domain is used as the Domain/Realm name.
  10. Select the relevant option for Logon Format (Phase 1 RSA-SecurID).
  11. Select the relevant option for Logon Format (Phase 2).
    Note: The different logon formats are described below:
      - Not Specified: The username will have no normalization applied to it; it is taken as it is typed.
      - Principalname: Selecting this as the Logon Format means that the client does not need to enter the domain when logging in, for example username@domain. The SSO domain added in the corresponding text box is used as the domain in this case.
      - Username: Selecting this as the Logon Format means that the client needs to enter the domain and username, for example domain\username.
      - Username Only: Selecting this as the Logon Format means that the text entered is normalized to the username only (the domain is removed).
  12. Enter the Test User and click Set Test User.
  13. Enter the Test User Password and click Set Test User Password.
Note: The LoadMaster will use this test information in a health check of the SecurID Server. These details are static and should be set in the RSA management WUI. This health check is performed every 20 seconds.
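
The logon formats in steps 9 to 11 can be modelled as follows, to preview which username each phase would send for a given typed login. This is an added example, not LoadMaster code. The function names and the `example.com` Domain/Realm are hypothetical, and it assumes that a domain typed by the client is replaced by the configured Domain/Realm, which the steps above do not specify.

```python
# Added illustration: a model of the logon-format normalization described in
# steps 9-11. It is not LoadMaster code; names and sample values are hypothetical.

FORMATS = ("Not Specified", "Principalname", "Username", "Username Only")


def split_logon(typed):
    """Return (bare_username, typed_domain_or_None) for user@dom or dom\\user."""
    if "\\" in typed:
        domain, _, user = typed.partition("\\")
        return user, domain
    if "@" in typed:
        user, _, domain = typed.rpartition("@")
        return user, domain
    return typed, None


def normalize(typed, logon_format, domain_realm):
    """Build the username one phase would send to its authentication server."""
    if logon_format not in FORMATS:
        raise ValueError(f"unknown logon format: {logon_format!r}")
    if logon_format == "Not Specified":
        return typed                      # taken exactly as typed
    user, _typed_domain = split_logon(typed)
    if not user:
        raise ValueError("empty username after removing the domain")
    if logon_format == "Username Only":
        return user                       # domain removed
    # Assumption: the configured Domain/Realm replaces any domain that was typed.
    if logon_format == "Principalname":
        return f"{user}@{domain_realm}"
    return f"{domain_realm}\\{user}"      # "Username"


def phases(typed, phase1_format, phase2_format, domain_realm):
    """Usernames for Phase 1 (RSA-SecurID) and Phase 2."""
    return (normalize(typed, phase1_format, domain_realm),
            normalize(typed, phase2_format, domain_realm))


if __name__ == "__main__":
    # Constructed sample inputs; example.com is a placeholder Domain/Realm.
    for typed in ("alice", "EXAMPLE\\alice", "alice@example.com"):
        print(typed, "->",
              phases(typed, "Username Only", "Principalname", "example.com"))
```

Running the same check with the Test User value shows what the 20-second health check would present to the SecurID server under the chosen Phase 1 format.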