
2 FACTOR AUTHENTICATION

USING RSA SECURID


RAGHAVENDRA MUNIRAMAIAH
TABLE OF CONTENTS

• What is RSA authentication?
• Components of RSA SecurID
• Integrate RSA tokens with the application
• Current use case
• Prerequisites
• Alternatives - Proposal
• Estimates/Timelines
• Q&A
WHAT IS RSA AUTHENTICATION?

• The RSA SecurID authentication mechanism consists of a "token", either
hardware (e.g. a key fob) or software (a soft token), which is assigned to a
computer user and which generates an authentication code (the "tokencode") at fixed
intervals (usually 60 seconds) using a built-in clock and the token's factory-encoded
pseudorandom key (known as the "seed"). The seed is different for each
token, and is loaded into the corresponding RSA SecurID server (RSA
Authentication Manager, formerly ACE/Server) as the tokens are purchased.
At login the user normally types a passcode made of a secret PIN followed by the
current tokencode, so the PIN is the "something you know" factor and the token the
"something you have" factor.
On-demand tokens are also available, which deliver a tokencode by email
or SMS, eliminating the need to provision a token to the user.
COMPONENTS OF RSA SECURID

• RSA SecurID token (hardware or software; holds the seed and generates the tokencodes)
• RSA Authentication Manager (the server that holds the seed records and makes the accept/deny decision)
• RSA Authentication Agent (installed on the protected host or application; forwards the user's credentials to Authentication Manager and enforces its answer)
INTEGRATE RSA TOKENS - WITH
APPLICATION
• Tokencodes are generated by the token itself, not by the agent. An RSA Authentication Agent should be installed
in the respective environment (Windows/Unix etc.) where the web application is running, or on a centralised
server that is reachable by the web application server and that can itself reach RSA Authentication Manager.
The application hands the user's username and passcode to the agent, which validates them against
Authentication Manager.
• Users are enrolled on RSA Authentication Manager (the agent only validates) by providing identity information:
which device they want to hold the token, which application/server they want to access, and their username.
Once enrolled, Authentication Manager issues a provisioning QR code or link for the software token, which is sent
to the registered user by email or SMS.
• Once the user installs the RSA SecurID app on their device and scans the QR code, a tokencode is shown in the
app; it changes every 60 seconds (the interval set on the token, as described above), not every second.
• To integrate the RSA authentication, the web application/website should first prompt for the username and the
SecurID passcode (PIN plus the current tokencode). The web application validates these by invoking the RSA
agent's API: if authentication succeeds, the success page (test.html) is returned to the client; otherwise an
unauthorised response with an error code is sent to the client.
CURRENT USE CASE

• www.scoriant.com/secure is the website which should
authenticate with RSA SecurID.
• Modify the landing/home page where the current flow is implemented,
by changing it or creating a new page that prompts for the RSA passcode.
• Once the client enters the username and passcode, invoke a REST API call to
the RSA agent to validate them.
• If successful, return test.html; else return 401 Unauthorized.
PREREQUISITES

• An RSA Authentication Agent should be installed on the server side where the
website is running (or on a central host the website can reach), and RSA
Authentication Manager must be deployed and reachable from that agent.
• The current website should be capable of invoking REST
web services.
ALTERNATIVES – NEW PROPOSALS

• If the current website is not capable of integrating with RSA
agents, we can create a Java application which acts as a
gateway for all requests to the specified application. RSA
authentication can then be separated out of the existing application
and performed only at the gateway server, which
reduces the load on the current application.
• For this to be effective the application must accept requests only from the
gateway (network rules or a shared secret between gateway and application);
if clients can still reach the application directly, the gateway is bypassed.
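The integration flow on the preceding slides (prompt for username and passcode, validate through the RSA agent, return test.html or 401) and the gateway proposal above, as one added example. This is illustrative code written for this page, in Python rather than the proposed Java so that it runs stand-alone; it is not part of the original deck and not RSA's own agent API. The endpoint URL and JSON body used by RestAgentValidator are assumed placeholders, and StubValidator with its fixed user table is constructed so the example runs offline.

```python
# Added illustration for this page: a gateway that prompts for username and
# SecurID passcode (PIN + tokencode), validates through the RSA agent, and
# returns test.html (200) or 401. The agent endpoint URL and JSON body below
# are assumed placeholders, not a documented RSA interface.
import json
import secrets
import urllib.request
from dataclasses import dataclass
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional
from urllib.parse import parse_qs

TEST_HTML = "<html><body><h1>test.html: authenticated</h1></body></html>"
LOGIN_FORM = ('<form method="post" action="/login">User <input name="username"> '
              'Passcode <input name="passcode" type="password"><button>Sign in</button></form>')
MAX_FAILURES = 5  # local lockout; Authentication Manager applies its own policy as well

@dataclass
class AuthResult:
    status: int                    # 200 or 401, as on the slides
    body: str
    session: Optional[str] = None  # opaque session id issued on success

class RestAgentValidator:
    """POSTs username/passcode to the agent (hypothetical URL and payload)."""
    def __init__(self, url="https://rsa-agent.example.internal/validate", timeout=5):
        self.url, self.timeout = url, timeout

    def validate(self, username: str, passcode: str) -> bool:
        payload = json.dumps({"username": username, "passcode": passcode}).encode()
        req = urllib.request.Request(self.url, data=payload, method="POST",
                                     headers={"Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=self.timeout) as resp:
                return json.load(resp).get("authenticated") is True
        except (OSError, ValueError):
            return False  # fail closed: agent unreachable or bad reply means deny

class StubValidator:
    """Constructed offline stand-in: a fixed user -> passcode table."""
    def __init__(self, accepted: dict):
        self.accepted = dict(accepted)

    def validate(self, username: str, passcode: str) -> bool:
        expected = self.accepted.get(username)
        return expected is not None and secrets.compare_digest(
            expected.encode(), passcode.encode())

class Gateway:
    """Login decision plus session store; usable without the HTTP layer."""
    def __init__(self, validator):
        self.validator = validator
        self.sessions = {}  # session id -> username
        self.failures = {}  # username -> consecutive failed attempts

    def handle_login(self, form: dict) -> AuthResult:
        username = (form.get("username") or [""])[0].strip()
        passcode = (form.get("passcode") or [""])[0].strip()
        if not username or not passcode or self.failures.get(username, 0) >= MAX_FAILURES:
            return AuthResult(401, "unauthorized")  # empty input or locked out: never ask the agent
        if not self.validator.validate(username, passcode):
            self.failures[username] = self.failures.get(username, 0) + 1
            return AuthResult(401, "unauthorized")  # same text for every failure
        self.failures.pop(username, None)
        session = secrets.token_urlsafe(32)
        self.sessions[session] = username
        return AuthResult(200, TEST_HTML, session)

    def session_user(self, cookie_header: str) -> Optional[str]:
        jar = SimpleCookie(cookie_header)
        return self.sessions.get(jar["gw_session"].value) if "gw_session" in jar else None

class GatewayHandler(BaseHTTPRequestHandler):
    gateway = Gateway(StubValidator({"alice": "1234567890"}))  # swap in RestAgentValidator()

    def _send(self, status: int, body: str, cookie: Optional[str] = None):
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.end_headers()
        self.wfile.write(body.encode())

    def do_GET(self):  # every path behind the gateway needs a valid session
        if self.gateway.session_user(self.headers.get("Cookie", "")):
            self._send(200, TEST_HTML)
        else:
            self._send(401, LOGIN_FORM)

    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        result = self.gateway.handle_login(parse_qs(self.rfile.read(length).decode()))
        cookie = f"gw_session={result.session}; HttpOnly; Secure; SameSite=Strict" if result.session else None
        self._send(result.status, result.body, cookie)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), GatewayHandler).serve_forever()
```

Two design points worth keeping when this is ported to the proposed Java gateway: every failure path returns the same 401 body so a caller cannot tell a wrong user from a wrong passcode, and an unreachable or malformed agent reply is treated as a denial rather than as a pass. The Secure cookie flag means the gateway must be served over TLS, and the in-memory session store is for illustration only.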
ESTIMATES/TIMELINES

• The following decisions are to be made with the vendor:
1. Since RSA agents are platform specific, the respective version of the agent must be
installed in each of our environments (for example Windows, Linux and so on).
2. RSA SecurID is not open source; it comes at a licensing cost.
3. If the current website does not support, or we are not willing to do, the RSA
integration, a new Java application should be created and all URLs of the existing
application must flow through this gateway.
4. Any other requirements?
Based on the decisions made for the above queries, I can estimate the
effort and propose timelines.
Q&A

• Please feel free to reach out to us at
anandgopalakrishna@yahoo.co.in or ragramaiah@gmail.com
