• Status: Solved
• Priority: Medium
• Security: Public

RSA SecurID, Cisco ASA, Lotus Domino 8.5.2 Integration

Hi, is there any way to join them all together?
In my scenario I would like to create a system where a user,
using an RSA SecurID one-time password, logs in to the SSL web portal
and opens the webmail site without entering the static Lotus Notes password.
Is it possible?
1 Solution
I am not clear about this question, so it may help if further information can be provided.

Using a secured token for a one-time password, a remote user can connect to his / her mailbox. But they need to provide their corporate network password in order to log in.

Could you please rephrase your question?


pawnaz (Author) Commented:
Using an OTP token, a remote user can establish a connection to the VPN portal (clientless WebVPN) only.
After that, the user must use another login/password pair to use webmail or another web application during the VPN session.
The goal is to use only the one-time password to access the VPN portal and then the web application, Lotus Domino mail or an IIS intranet web page.
I am not an expert on VPN but I have had some exposure to it. The way it works is that you have various levels of authentication. The first level of authentication is using the one-time password with other details, such as the VPN host IP address, to get to the corporate network. Once there, you need another level of authentication: your employee user ID (if that has not been requested during the first level) and your corporate network password. This is the scenario you described in the first paragraph above.
It may be possible to use just the one-time password. I have never seen it done that way but it may be possible. What you have to remember is that you do not want to compromise security, which is why you have different levels of security. Also, passwords have to be made to age within 30 days etc.
There may be a VPN expert in the house to post a comment.
Good luck.
If I understand it properly, what you are trying to achieve is SSO between ASA SSL VPN and Domino after a strong authentication based on RSA SecurID.
From what I know, the way ASA would do this is not a real SSO (sharing of signed cookie/ltpa token), but it would pass the same credentials used for authenticating to the SSL VPN to the Domino web server.
Now this will fail for two reasons:
1) since your user authenticated via SecurID, the password is not valid anymore (it is a one time password),
2) Domino would have no way of verifying the SecurID passcode
so there is no way to do it AFAIK.
An alternative is to look for an RSA SecurID agent that you can deploy on Domino itself.
In this scenario you would get RSA SecurID strong authentication and one-shot access to Domino, which is what you were trying to achieve (I believe). Domino can use an LTPA token that can be used for SSO so the user can roam to other servers.
After Googling there seem to be two agents that do this:
1) Amiura SignOn Agent
2) Winchester Business Systems AtSignOn
Qlemo (Batchelor and Developer) Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
Question has a verified solution.
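
The two failure reasons given in the answer above, and the signed-token alternative it points to, sketched as an added example that is not part of the original thread. The token here is a simplified HMAC stand-in, not the actual LTPA format, and every class, function and value is hypothetical and constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed demo key; nothing here is a real RSA SecurID, ASA or Domino API.
SSO_KEY = b"demo-shared-sso-key"


class OtpServer:
    """Stand-in for the one-time-password server: each passcode works once."""

    def __init__(self, issued):
        self.issued = dict(issued)  # user -> currently valid passcode
        self.used = set()

    def verify(self, user, passcode):
        if (user, passcode) in self.used:
            return False  # reason 1: a forwarded passcode was already consumed
        if hmac.compare_digest(self.issued.get(user, ""), passcode):
            self.used.add((user, passcode))
            return True
        return False


def static_password_backend(directory, user, password):
    """Stand-in for the webmail login: it only knows the static password
    (reason 2: it has no way to check a one-time passcode)."""
    return hmac.compare_digest(directory.get(user, ""), password)


def issue_token(user, now, ttl=600):
    """Issued after the strong login succeeds: signed 'user|expiry'."""
    body = f"{user}|{int(now) + ttl}"
    sig = hmac.new(SSO_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{sig}"


def accept_token(token, now):
    """Any server sharing SSO_KEY: return the user if the token is valid."""
    try:
        user, expiry, sig = token.split("|")
        expiry = int(expiry)
    except ValueError:
        return None
    body = f"{user}|{expiry}".encode()
    expected = hmac.new(SSO_KEY, body, hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(expected, sig) and now < expiry else None
```

The signed token carries the result of the strong authentication rather than the credential itself, so nothing replayable is forwarded and the token expires on its own.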
