Known issues and limitations
The following are known issues or limitations for the RSA SecurID Integration Kit.
Known limitations
- The RSA SecurID Integration Kit is designed to work with the on-premises RSA Authentication Manager (AM).

  This integration kit works with the RSA AM when the AM is integrated with the RSA Cloud Authentication Service (CAS), but does not work directly with the RSA CAS.
- When a push notification request that’s triggered by the RSA CAS’s `Approve` method times out on a registered device, the adapter automatically fails the authentication method.
- Only RSA AM 8.7 SP2 and later integrated with CAS supports the `Approve` method’s `Selection` mode.
- The adapter requires you to set a specific JVM option if you’re using PingFederate deployed in JDK 17 in BC FIPS mode. Update the `JAVA_OPTS` to set `--add-opens=java.base/sun.security.internal.spec=ALL-UNNAMED` in the `run.sh` and `run.bat` files.

  For example, in `<pf_install>/pingfederate/bin/run.sh`, add:

  ```
  # java 17 support
  if [[ $JAVA_MAJOR_VERSION -eq "17" ]]; then
      JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang=ALL-UNNAMED"
      JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util=ALL-UNNAMED"
      JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/sun.security.internal.spec=ALL-UNNAMED"
      JAVA_OPTS="$JAVA_OPTS --add-exports=java.base/sun.security.x509=ALL-UNNAMED"
      JAVA_OPTS="$JAVA_OPTS --add-exports=java.base/sun.security.util=ALL-UNNAMED"
      JAVA_OPTS="$JAVA_OPTS --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED"
      JAVA_OPTS="$JAVA_OPTS --add-exports=java.base/sun.net.util=ALL-UNNAMED"
      JAVA_OPTS="$JAVA_OPTS --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED"
      JAVA_OPTS="$JAVA_OPTS --add-exports=java.base/sun.security.pkcs10=ALL-UNNAMED"
  fi
  ```

  In `<pf_install>/pingfederate/bin/run.bat`, add:

  ```
  if %JAVA_PRODUCT_VERSION% == 17 (
      set "PF_ENDORSED_DIRS_FLAG="
      set JAVA_OPTS=%JAVA_OPTS% ^
          --add-opens=java.base/java.lang=ALL-UNNAMED ^
          --add-opens=java.base/java.util=ALL-UNNAMED ^
          --add-opens=java.base/sun.security.internal.spec=ALL-UNNAMED ^
          --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED ^
          --add-exports=java.base/sun.net.util=ALL-UNNAMED ^
          --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED ^
          --add-exports=java.base/sun.security.pkcs10=ALL-UNNAMED ^
          --add-exports=java.base/sun.security.x509=ALL-UNNAMED ^
          --add-exports=java.base/sun.security.util=ALL-UNNAMED
  )
  ```
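
To confirm that a launch script actually carries the module options listed above, the following check can be run against `run.sh` or `run.bat`. It is an added example, not part of the product documentation; the names `missing_jvm_opts` and `REQUIRED_OPTS` are made up for it, and it only checks that each option appears on a non-comment line, not that it sits inside the Java 17 branch.

```bash
#!/usr/bin/env bash
# Added example: list the JDK 17 module options from this page that a
# PingFederate launch script (run.sh or run.bat) does not set.
# Usage after sourcing: missing_jvm_opts <pf_install>/pingfederate/bin/run.sh

# Options copied from the run.sh snippet on this page.
REQUIRED_OPTS='
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/java.util=ALL-UNNAMED
--add-opens=java.base/sun.security.internal.spec=ALL-UNNAMED
--add-exports=java.base/sun.security.x509=ALL-UNNAMED
--add-exports=java.base/sun.security.util=ALL-UNNAMED
--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED
--add-exports=java.base/sun.net.util=ALL-UNNAMED
--add-exports=java.base/sun.security.pkcs=ALL-UNNAMED
--add-exports=java.base/sun.security.pkcs10=ALL-UNNAMED
'

# Prints each missing option, one per line.
# Returns 0 if all are present, 1 if any is missing, 2 if the file is unreadable.
missing_jvm_opts() {
    local script opt active missing
    script=$1
    missing=0
    if [ ! -r "$script" ]; then
        echo "cannot read: $script" >&2
        return 2
    fi
    # Ignore comment lines (#, REM, ::) so a commented-out option is not counted.
    active=$(grep -Eiv '^[[:space:]]*(#|rem([[:space:]]|$)|::)' "$script" || true)
    # The options contain no spaces or glob characters, so word splitting is safe.
    for opt in $REQUIRED_OPTS; do
        if ! printf '%s\n' "$active" | grep -Fq -- "$opt"; then
            printf '%s\n' "$opt"
            missing=1
        fi
    done
    return "$missing"
}
```

A non-zero return with `--add-opens=java.base/sun.security.internal.spec=ALL-UNNAMED` in the output means the option this page calls out for BC FIPS mode on JDK 17 has not been applied to that script.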