03-04-2010 04:49 AM - edited 03-10-2019 04:59 PM
What is the best way to use DAP when using RSA for user authentication. I really do not want to have the users have to authenticate twice, once for tunnel authentication through RSA and then again for AD authentication. Is there a way to add users to groups on the RSA server and apply policies based on those groups?
Thanks
03-14-2010 05:46 PM
Hi,
You want to do group mapping with RSA? if yes please see the following documentation.
Yopu can authenticate against RSA and authorize using LDAP.
Regards,
04-06-2010 02:33 PM
I have a similar request ... I'm trying to setup DAP for two different AAA groups. The first group (vendors) is authenticated to Windows Active Directory using LDAP and I check for a "member of" AAA attribute to define which DAP to apply. This works correctly.
However, the second group (employees) is passed off to RSA using the SDI protocol, because our employees use tokens. The DAP check for "member of" doesn't work. It seems like RSA doesn't return the "member of" attribute ... or if it does, the ASA doesn't receive it. Is it possible to use DAP for RSA authentication? If so, how do you setup the AAA attributes?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: