Oracle SGD and RSA SecurID Integration Questions

Dana Repouille Member Posts: 21 Blue Ribbon
edited Feb 11, 2020 11:31AM in Secure Global Desktop

We have configured Oracle Secure Global Desktop 5.4 with the RSA SecurID two-factor capability but had a question on the behavior of the integration.

A user logs into SGD by entering the username and passcode (pin + secure ID code) into the initial SGD login prompt.

SGD eventually loads displaying the SGD desktop and the user selects an application location on the workspace navigation panel.

At this point, the user is prompted again for the username/password and then the passcode and the application starts as expected.

With RSA SecurID, the pin is one-time use only and the user must wait a minute for the pin to change on the SecurID keyfob before they can access the application.

Is this the expected behavior of SGD with RSA SecurID integrated?

Is there a way to NOT prompt for username/password/passcode when starting the application?

Answers

  • Jan-Oracle
    Jan-Oracle Member Posts: 122 Employee
    edited Jan 23, 2020 9:20AM

    Hello

    A user logs into SGD by entering the username and passcode (pin + secure ID code) into the initial SGD login prompt. SGD eventually loads displaying the SGD desktop and the user selects an application location on the workspace navigation panel. At this point, the user is prompted again for the username/password and then the passcode and the application starts as expected.

    Is it the SGD server that prompts again, or the application server? Is the application launched on the SGD server itself, or a 3rd system?

  • Dana Repouille
    Dana Repouille Member Posts: 21 Blue Ribbon
    edited Jan 27, 2020 3:05PM

    Below describes the steps we are currently experiencing when
    logging into SGD using RSA SecurID.

    The user enters SGD URL and is prompted for
    username/password as below:

    pastedImage_0.png

    User enters username and passcode and the desktop is displayed
    similar to below:

    pastedImage_1.png

    The user selects the desktop application for standard GNOME
    desktop and is prompted for username as below:

    pastedImage_2.png

    The user enters their username and selects “OK” and then is
    prompted to enter passcode as below:

    pastedImage_4.png

    After entering the passcode, the GNOME desktop is displayed.

    User is prompted to enter the passcode as part of initial
    login and when launching the GNOME desktop.

    Is it normal to be prompted twice or could it be configured
    to only prompt during initial login?

  • Jan-Oracle
    Jan-Oracle Member Posts: 122 Employee
    edited Jan 27, 2020 3:33PM

    Have you installed the latest patches for SGD 5.4? There was a defect we recently fixed.

  • Dana Repouille
    Dana Repouille Member Posts: 21 Blue Ribbon
    edited Feb 3, 2020 10:51AM

    We are using Patch 29204564: PATCHSET 3 FOR ORACLE SECURE GLOBAL DESKTOP V5.4.

    We can try installing PATCHSET 6 to see if the behavior changes.

  • Dana Repouille
    Dana Repouille Member Posts: 21 Blue Ribbon
    edited Feb 5, 2020 10:14AM

    We have installed PATCHSET 6 for SGD 5.4.  We are still being prompted twice for the RSA token. Is this the expected behavior?

  • Jan-Oracle
    Jan-Oracle Member Posts: 122 Employee
    edited Feb 6, 2020 3:17PM

    That is not normal but depends on how RSA is implemented. Which host is the application (Gnome desktop) launched on? Is that host integrated with RSA?

  • Dana Repouille
    Dana Repouille Member Posts: 21 Blue Ribbon
    edited Feb 11, 2020 9:39AM

    >> Which host is the application (Gnome desktop) launched on?

    The Gnome desktop is launched on the same host where SGD resides.

    >> Is that host integrated with RSA?

    We have the host running RHEL 7 with it configured to require RSA passcode to log into the system.  For example, if a user logs into the console, they are required to put in their passcode to access the host.

  • Jan-Oracle
    Jan-Oracle Member Posts: 122 Employee
    edited Feb 11, 2020 11:31AM

    I believe this should answer your question. The SGD server (RHEL7) uses RSA SecurID to authenticate. When launching an application on that same server, it will use ssh and go through the same SecurID protection, unless you configure PAM or SecurID not to be active for ssh connections.
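
To check on a given host which login paths pass through SecurID, as the last answer describes, the following added example (not part of the thread and not Oracle's or RSA's code) resolves each PAM service's auth stack through its `include` and `substack` lines and reports the services that reach a SecurID module. The module name `pam_securid.so` and the sample PAM files are assumptions constructed for illustration.

```python
from pathlib import Path

# Constructed sample /etc/pam.d contents (not from the thread's host).
# pam_securid.so is assumed to be the name of the SecurID PAM module in use.
SAMPLE_PAM_D = {
    "sshd": "#%PAM-1.0\nauth required pam_sepermit.so\n"
            "auth substack password-auth\naccount include password-auth\n",
    "login": "auth substack system-auth\naccount include system-auth\n",
    "su": "auth sufficient pam_rootok.so\nauth required pam_unix.so\n",
    "password-auth": "auth required pam_env.so\nauth required pam_securid.so\n",
    "system-auth": "auth required pam_env.so\nauth required pam_securid.so\n",
}

def load_pam_d(directory="/etc/pam.d"):
    """Read a real PAM directory into the same {service: text} shape."""
    return {p.name: p.read_text() for p in Path(directory).iterdir() if p.is_file()}

def auth_modules(service, pam_d, _seen=None):
    """Modules in a service's 'auth' stack, following include/substack."""
    seen = _seen if _seen is not None else set()
    if service in seen or service not in pam_d:
        return []  # guard against include loops and missing files
    seen.add(service)
    modules = []
    for raw in pam_d[service].splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 3 or fields[0].lstrip("-") != "auth":
            continue
        control, target = fields[1], fields[2]
        if control in ("include", "substack"):
            modules += auth_modules(target, pam_d, seen)
            continue
        if control.startswith("["):  # e.g. [success=1 default=ignore]
            rest = line.split("]", 1)[1].split()
            if not rest:
                continue
            target = rest[0]
        modules.append(target)
    return modules

def services_requiring(module, pam_d, services):
    """Subset of services whose auth stack reaches the given module."""
    return sorted(s for s in services if module in auth_modules(s, pam_d))

if __name__ == "__main__":
    for svc in services_requiring("pam_securid.so", SAMPLE_PAM_D, ["sshd", "login", "su"]):
        print(svc, "->", auth_modules(svc, SAMPLE_PAM_D))
```

On a real system, pass `load_pam_d()` instead of `SAMPLE_PAM_D`; if `sshd` appears in the result, an application launched over ssh on that host will prompt for a passcode in the same way as a console login.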