RSA SecurID IdP Adapter settings reference
Field descriptions for the RSA SecurID IdP Adapter configuration screen.
| Field | Description | ||
|---|---|---|---|
RSA Authentication Agent |
The unique name that you entered in the Hostname field in Registering PingFederate as an agent in the RSA Security Console , such as
|
||
RSA Base API URL |
The base URL of the primary RSA Authentication Manager including the hostname, port number and REST URL root path. For example: The default REST API port is |
||
RSA Access ID |
A unique string that the RSA Authentication Manager uses to identify individual REST API client. This is required if the security key type is HMAC. |
||
RSA Access Key |
A unique string that the RSA Authentication Manager generates and uses as a shared secret with REST API clients. |
| Field | Description | ||
|---|---|---|---|
Use Custom Cipher Suites |
Cipher suites are used to send information securely when the adapter makes TLS requests to RSA Authentication Manager. Cleared (default) – The adapter uses all cipher suites available to the adapter. You can find a complete list in Enum CipherSuites in the OkHttp documentation. Selected – Restricts the adapter to the cipher suites entered in the Custom Cipher Suites field. This allows your organization to use only cipher suites that meet your unique security standards. Select this if your environment has special requirements. This check box is cleared by default. |
||
Custom Cipher Suites |
The cipher suites that the adapter uses when Use Custom Cipher Suites is selected. Separate multiple ciphers with a comma. For example, You can find a complete list in Enum CipherSuites in the OkHttp documentation. This field is blank by default. |
||
Challenge Retries |
The number of failed user authentications after which the account locking service blocks future attempts.
The default value is |
||
Security Key Type |
The method of security key authentication to use against the RSA Authentication REST API. If Access Key is enabled, the plain key will be used. If HMAC is enabled an HMAC calculated from the Access Key, a hash of the request body, the Access ID, and other request-specific information will be used. |
||
Assurance Policy ID |
The access policy name that’s configured in the Cloud Administration Console. You can get the access policy name from your Cloud Authentication Service Super Admin.
|
||
Logout Path |
Path on the PingFederate server to end a user’s IdP session. Must include the initial slash. For example, The value is added to the following to create the logout URL: https://pf_host:port/ext This field is blank by default. |
||
Logout Redirect |
The URL that the adapter redirects the user to after they log out. Applies only when Logout Path is set above. When provided, this URL takes precedence over any Logout Template specified below. This field is blank by default. |
||
Logout Template |
HTML template to render after the user logs out. Applies when Logout Path is set above and Logout Redirect is blank. The template file must be located in The default value is: |
||
Authentication Context Value |
Additional information provided to the SP to assess the level of confidence in the assertion. This value will override the default authentication context used by the adapter. This field is blank by default. |
||
Verify HTTPS Hostname |
When a connection is established with RSA Authentication Manager, PingFederate matches the target host name against the names stored inside the server’s X.509 certificate. This security measure ensures that PingFederate is connecting to the correct server. This check box is selected by default. |
||
Override Internal User ID |
Allows you to specify a custom user identifier attribute for authentication with RSA SecurID. By default, the adapter takes the To use a different attribute for backend authentication, select this check box and enter the custom attribute in the Internal User ID Attribute field.
This check box is cleared by default. |
||
Internal User ID Attribute |
When Override Internal User ID is selected, this field determines the user identifer attribute used to authenticate the user with RSA Authentication Manager. The attribute must be available in the PingFederate authentication policy. The attribute name is case sensitive. This field is blank by default. |
||
Test Username |
The username that’s used to test the configuration on the Actions tab. |
||
HTML Template Prefix |
A file prefix that identifies the customizable HTML templates that the adapter instance uses. The template files must be located in
The default value is: RSASecurIDIdPAdapter. |
||
Messages Files |
Identifies the customizable language-pack file that the adapter uses. If you customize the The default value is |
||
Error Message Key Prefix |
Prefix for error messages in the language pack. The default value is |
||
API Request Timeout |
The amount of time in milliseconds that PingFederate allows when establishing a connection with RSA Authentication Manager or waiting for a response to a request. A value of 0 disables the timeout. The default value is |
||
Proxy Settings |
Defines proxy settings for outbound HTTP requests. The default value is System Defaults. |
||
Custom Proxy Host |
The proxy server host name to use when Proxy Settings is set to Custom. This field is blank by default. |
||
Custom Proxy Port |
The proxy server port to use when Proxy Settings is set to Custom. This field is blank by default. |