RSA SecurID Web Agent Issue



I have an issue which is partially a security question, and partially a
web programming issue. I have the RSA Authentication Manager 6.1 deployed
and am looking to integrate a Web SSO to it. The web SSO product, however,
is not the RSA SSO product, so a bit of customization must occur.

My issue is that I have been looking at the UNIX agent C API that comes
for Solaris, HPUX and AIX. I am trying to integrate authentication into a
webpage which is a CGI. The back end server process is run like a CGI
program, which is to say that it is invoked by the webserver as a
standalone program, it executes and renders a webpage, then ends. It is
not a mod_ or an ISAPI filter.

When a token enters NEXT_TOKENCODE mode or NEW_PIN mode, I must render a
page then close the socket, kill the pid and most importantly, lose the
authentication handle to the Auth manager. Once that happens, the token's
account is locked by the Auth Manager. I need a way to create persistence
so that the authentication manager can request the next tokencode, and I
can render that to the user and get back the new information and pass it
to the auth manager within the same session.

I've had some trouble communicating this with RSA. They talk about things
like the Web Agent for IIS, or the J2EE web agent, which can be used to
protect web content and seemingly handles next_tokencode mode correctly.
But I'm not a web administrator looking to protect a path, I'm looking to
take authentication information over SSL and do the authentication,
passing the userid and OTP to the Auth Manager, and then set a session
cookie on the browser if it succeeds.

While the actual SSO program is in C, I've written a very simple example
Perl CGI program to work with this problem. I'm going to go look at CPAN
and find out if they have a SecurID module that can handle next tokencode
mode and new pin mode, but I thought I'd stop by here and ask if anybody
has done this before. Seems simple enough. I've been searching SourceForge
and elsewhere, but don't find anyone who acts as an agent host in this
semi-stateless manner. Has anyone solved this problem in an elegant
manner? All tips appreciated.
