I see that we have new authentication method as SecurID_Proxy available as authentication method for both SC and SSC. Is there any documentation around this ?
AM Version - AM 8.4 P12
This was an old feature that was never fully implemented, so was later hidden from the interface. The idea was a method to access the Security Console or Self Service console by an authentication request proxied to another Authentication Manager agent for validation in that remote Authentication Manager database.
If this method was included, the thought was that AM would call a client to another AM to authenticate to the console...whereas SecurID_Native = Local validation of SecurID.
What is the upgrade history ? 6.1 ---> 7.1 ---> 8.1 --->...perhaps ?
That looks like a bug, as securid_proxy was removed from the interface, and should not be visible.Though still is in the database from earlier versions. Perhaps there was a migration and the enable flag
was set to true....[you might need to open a support case to resolve this].
Here is the db info on that from my 22.214.171.124.0 Primary. I have no Securid_proxy on in the Security Console for auth methods yet it is in the database.
As a test I went in my db and set the enabled flag for Proxy to true and logged off logged back into Security Console and now I see SecurID_proxy as an option.
update rsa_rep.IMS_AUTHN_METHOD set enable_flag = true where method_name like '%Proxy%';
As a fix/workaround it just needs to be hidden, and you might set the flag to false. Make a database backup before proceeding.
update rsa_rep.IMS_AUTHN_METHOD set enable_flag = false where method_name like '%Proxy%';Then restart** the AM servers.
** I found setting to true, logoff/login showed SecurID_Proxy immediately, but when setting to false, I needed a restart to show the change and removal of the SecurID_Proxy option in the web interface.
Thanks Edward. This is useful information for us to review.
We came across some information that Engineering may be studying the re-purposing the SecurID_Proxy Authentication method. I'll do some research on the implications and follow up with you via support case.
There is no supported way to use the SecurID_proxy authentication method, and there has not been since Authentication Manager ver. 6.1.x. SecurID_proxy should not show as an option for Security or Self Service Console authentication. Engineering believes this method shows up in the Security console and Self-Service console in environments that had it configured in AM 6.1.x and then migrated that configuration to either 7.x or 8.x
The supported work-around is described by Ed Davis above, basically update an internal databse field to hide the SecurID_proxy authentication option. Be sure perform a database backup before attempting this work-around. Open a Support case if you would like assistance.
Retrieving data ...