Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Step 1 Choose either of the following options:

To reset the node secret on the agent host, check the Remove securid file on submit check box.

If you reset the node secret on the agent host, you must reset the agent host’s node secret in the RSA server.

To reset the status of servers in the realm, check the Remove sdstatus.12 file on submit check box.

Step 2 Click OK.

Related Topics

RSA SecurID Server, page 8-54

Creating and Editing RSA SecurID Token Servers, page 8-55

Configuring ACS Instance Settings, page 8-57

Editing ACS Instance Settings, page 8-57

Configuring Advanced Options, page 8-59

Configuring Advanced Options

Use this page to do the following:

Define what an access reject from an RSA SecurID token server means to you.

Enable identity caching—Caching users in RSA is similar to caching users in RADIUS Token; the logic and the purpose of the caching are the same. The only difference is that in RSA there is no attribute retrieval for users and therefore no caching of attributes. The user who is authenticated is cached, but without any attributes.

To configure advanced options for the RSA realm:

Step 1 Do one of the following:

Click the Treat Rejects as Authentication failed radio button—ACS interprets an authentication reject from an RSA SecurID store as an authentication failure.

Click the Treat Rejects as User not found radio button—ACS interprets an authentication reject from an RSA SecurID store as “user not found.”

Step 2 Enable identity caching to allow ACS to process requests that are not authenticated through the RSA server.

The results obtained from the last successful authentication are available in the cache for the specified time period.

Step 3 Check the Enable identity caching check box.

Step 4 Enter the aging time in minutes.

The identity cache stores the results of a successful login only for the time period specified here.

Step 5 Click Submit.
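The following Python sketch is an added example, not ACS code or anything from the Cisco guide. It models how the two settings above interact: the reject treatment decides what a token-server reject means, and the identity cache keeps only the username, with no attributes, for the aging time. The class, method and parameter names are hypothetical, and returning "user not found" on a cache miss is an assumption.

```python
import enum

class Result(enum.Enum):
    PASSED = "passed"
    AUTH_FAILED = "authentication failed"
    USER_NOT_FOUND = "user not found"

class RsaRealmModel:
    """Simplified model of the Advanced Options page (hypothetical names)."""

    def __init__(self, token_server, treat_rejects_as, caching, aging_minutes, clock):
        self.token_server = token_server          # callable(user, passcode) -> bool
        self.treat_rejects_as = treat_rejects_as  # the radio button choice
        self.caching = caching                    # Enable identity caching check box
        self.aging_seconds = aging_minutes * 60   # aging time is entered in minutes
        self.clock = clock                        # injectable so aging can be tested
        self._cache = {}                          # username -> expiry; no attributes

    def authenticate(self, user, passcode):
        if self.token_server(user, passcode):
            if self.caching:
                self._cache[user] = self.clock() + self.aging_seconds
            return Result.PASSED
        # The reject carries no reason; the configured treatment supplies one.
        return self.treat_rejects_as

    def lookup(self, user):
        """A request that is not authenticated through the RSA server."""
        expiry = self._cache.get(user)
        if expiry is not None and self.clock() < expiry:
            return Result.PASSED
        self._cache.pop(user, None)               # aged out or never cached
        return Result.USER_NOT_FOUND              # assumption: a miss is "not found"

def demo(treat_rejects_as=Result.USER_NOT_FOUND, caching=True):
    now = [0]                                     # fake clock, in seconds
    valid = {("alice", "123456")}                 # constructed sample credentials
    realm = RsaRealmModel(lambda u, p: (u, p) in valid,
                          treat_rejects_as, caching, 5, lambda: now[0])
    out = [realm.lookup("alice")]                 # nothing cached yet
    out.append(realm.authenticate("alice", "123456"))
    out.append(realm.authenticate("alice", "000000"))  # reject, mapped by setting
    now[0] = 299
    out.append(realm.lookup("alice"))             # still inside the 5 minutes
    now[0] = 300
    out.append(realm.lookup("alice"))             # aging time reached
    return out

if __name__ == "__main__":
    print([r.value for r in demo()])
```

In this model a later reject does not evict the cached entry, which follows the page's wording that the last successful result stays available for the aging time; whether ACS evicts on a reject is not stated here. The aging time is therefore the longest a user keeps resolving from the cache after the last successful login.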

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01