+

Search Tips   |   Advanced Search

RSA token authentication settings

Use this panel to configure RSA token authentication.

To view this administrative console page, click Security > Global security. Under Administrative security click Administrative authentication.

The administrative authentication method is used when an administrative process on this profile connects to another profile. If the primary authentication method is set to RSA token and that primary method fails, the system attempts to use the current application authentication method (which could be SWAM, Kerberos, or LTPA for example).

SWAM is deprecated and will be removed in a future release.


RSA token (recommended for flexible systems administration)

RSA token is an authentication mechanism using certificates for signing and encryption portions of the security information being propagated.

Information Value
Default: Enabled


Data encryption keystore

This is the keystore containing the personal certificate used to encrypt and sign RSA tokens.

Information Value
Data type: text


Personal certificate for encryption

This is the alias found in the Data encryption keystore used to encrypt and sign RSA tokens.

Information Value
Data type: text


Trusted signers keystore

This is the keystore used to contain signer certificates that can validate RSA tokens sent by other servers. The RSA token contains a sending certificate that needs to be validated by this trust store using a CertPath validation.

Information Value
Data type: text


Nonce cache timeout

Amount of time, in minutes, that the issued token is valid.

This field displays the maximum timeout, in minutes, for a token to be considered valid.

Information Value
Data type: Integer
Default: 20
Minimum: 10
Maximum: Integer.MAX_VALUE


Token timeout

Amount of time, in minutes, that the issued token is valid.

This field displays the maximum timeout, in minutes, for a token to be considered valid.

Information Value
Data type: Integer
Default: 10
Minimum: 10
Maximum: Integer.MAX_VALUE


Only use the active application authentication mechanism (currently LTPA)

Select to encrypt authentication information so that the application server can send the data from one server to another in a secure manner.

The encryption of authentication information that is exchanged between servers involves the LTPA mechanism.


Kerberos

Select to encrypt authentication information so that the application server can send the data from one server to another in a secure manner.

The encryption of authentication information that is exchanged between servers involves the Kerberos mechanism.

Kerberos must be configured before this option can be selected.


Related concepts

  • Job manager security