Dynamic Access Policies with RSA Authentication

Unanswered Question
Mar 4th, 2010

What is the best way to use DAP when using RSA for user authentication? I really do not want to have the users have to authenticate twice, once for tunnel authentication through RSA and then again for AD authentication. Is there a way to add users to groups on the RSA server and apply policies based on those groups?


tobyhouser Tue, 04/06/2010 - 14:33

I have a similar request ... I'm trying to set up DAP for two different AAA groups. The first group (vendors) is authenticated to Windows Active Directory using LDAP and I check for a "member of" AAA attribute to define which DAP to apply. This works correctly.

However, the second group (employees) is passed off to RSA using the SDI protocol, because our employees use tokens. The DAP check for "member of" doesn't work. It seems like RSA doesn't return the "member of" attribute ... or if it does, the ASA doesn't receive it. Is it possible to use DAP for RSA authentication? If so, how do you set up the AAA attributes?

