Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- User and user group setup and security
- SA users and user groups
- Managing users
- Managing user groups
- Setting permissions on user groups
- Setting password, account, and session security policies
- Managing super administrators
- Managing customer administrators and customer groups
- Authenticating with an external LDAP directory service
- SA Common Access Card (CAC) and Personal Identity Verification (PIV) Smart Card integration
- SA/RSA SecurID® integration
- Configuring SA/SecurID integration
- User and Security Reports
Configuring RSA SecurID integration
Support for RSA SecurID authentication is integrated into the SA Core and is installed when the SA Core is installed. However, there are several configuration steps that you must complete to begin using RSA SecurID/SA authentication. The SA Core must also have the IP address of the SecurID authentication server and be able to communicate with it in a secure manner.
If you have multiple slices installed in an SA core, the following steps must be performed for each Slice Component bundle host.
- Phase 1: The RSA SecurID authentication configuration file
- Phase 2: Enable RSA SecurID authentication in SA
- Phase 3: Creating or modifying SA users to use SecurID authentication
Phase 1: The RSA SecurID authentication configuration file
- Contact your RSA SecurID administrator and obtain the file:
sdconf.rec - Copy this file to the following location on all servers in the core that host a Web Services Data Access Engine (twist):
/var/opt/opsware/crypto/twist - Set the file permissions on each server to give the
twistuser ownership of this file and read privileges:chmod 400 /var/opt/opsware/crypto/twist/sdconf.recchown twist /var/opt/opsware/crypto/twist/sdconf.rec - Ensure that there is no
securidorsdstatus.12file in the/var/opt/opsware/crypto/twistdirectory. If either of these files exist, remove them.
Phase 2: Enable RSA SecurID authentication in SA
- By default, RSA SecurID authentication is not enabled. To enable it, on every server in the core that hosts a Web Services Data Access Engine (twist), shut down this component with the following command:
/etc/init.d/opsware-sas stop twist - Locate the file:
/etc/opt/opsware/twist/loginModule.confEdit the file and add the line marked in bold in the example below:
TruthLoginModule {com.opsware.login.SecurIDLoginModule sufficient debug=falsenext_tokencode_mode=false new_pin_mode=false;com.opsware.login.TruthLoginModule sufficient debug=false;}; - Restart the Web Services Data Access Engine on all servers with the following command:
/etc/init.d/opsware-sas start twist - If you have multiple Slice Component bundles installed, stop the Command Center (OCC) server and HTTPs proxy on all other Slice Component bundle hosts.
- At this point only the Command Center for the Slice Component bundle host that is being configured as the RSA server is running. Log into that host’s OCC. This will generate the node secret (
securidfile) and thesdstatus.12file in the/var/opt/opsware/crypto/twistsubdirectory as well as register the Slice Component bundle server with ACE. - You can now start the OCC and HTTPs proxies on all the other Slice Component bundle hosts in the Core.
Phase 3: Creating or modifying SA users to use SecurID authentication
Each user that is to use SecurID Authentication must first exist as an authenticated user in the RSA SecurID authentication server (ACE server) and then must either be created or modified in the SA Client to use SecurID authentication.
In the SA Client, on the user’s Profile page, specify that the user’s Credential Store should be RSA 2-factor.
For detailed information about creating or modifying users, see Managing users.
Authentication Failed error messages, first check with your RSA SecurID administrator to insure that the user and passcode is still valid. If you are unable to solve the problem, contact your technical support representative.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: