Configure SafeNet Authentication Flows
Once the Keycloak Agent is installed, SafeNet OTP Flow is the default authentication flow.
Perform the following steps to configure the authentication flow:
1. In the left pane, select the realm, and select Authentication.
2. In the right pane, click the Flow tab, and select SafeNet OTP Flow from the drop-down list.
3. In the right pane, select Config from the Actions drop-down list to configure this flow (SafeNet Authentication Form).
   The SasAuthConfig configuration page is displayed.
4. On the configuration page, enter the following details:
   - Agent BsidKey: Contents of Agent.bsidkey
     Perform the following steps to download the Agent BSID Key:
     1. Log in to the SAS PCE console, go to Virtual Servers > Comms > Authentication Processing > Authentication Agent Settings.
     2. Click Download to download the agent.bsidkey file.
   - Token Validator URL
     Copy the Token Validator URL from the Authentication Agent Settings as shown above.
     http(s)://<sas_server_ip>:<port>/TokenValidator/TokenValidator.asmx?orgCode=<OrgCode>
   - Set OTP Auto Trigger Enabled
     Toggle this setting to enable or disable the auto-trigger of OTP. If enabled, the challenge automatically generates the enrolled token in SAS PCE.
   - User Id Mapper (Optional)
     This field can be used in conjunction with the LDAP User Provider to send a different user attribute as the Username to SAS. The field value can be the name of any LDAP Mapper. If not defined, the default Username from the request is sent to SAS.
5. Click Save.
Repeat steps 1 to 5 to configure the other two flows:
- SafeNet LDAP OTP flow
- SafeNet OTP UserIdProvided Flow
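
A pre-save check for the Token Validator URL entered in step 4, as an added example that is not part of the original documentation or of the SafeNet agent: it compares the value against the template shown above and flags plain http, which would carry validation requests unencrypted. The function name, the finding codes and the sample hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Path taken from the documented template:
# http(s)://<sas_server_ip>:<port>/TokenValidator/TokenValidator.asmx?orgCode=<OrgCode>
EXPECTED_PATH = "/TokenValidator/TokenValidator.asmx"


def check_token_validator_url(url):
    """Return a list of finding codes; an empty list means the value fits the template."""
    url = url.strip()
    if "<" in url or ">" in url:
        # Template pasted without substituting <sas_server_ip>, <port> or <OrgCode>.
        return ["unfilled-placeholder"]

    findings = []
    parts = urlsplit(url)
    if parts.scheme == "http":
        findings.append("plaintext-http")        # traffic to SAS would be unencrypted
    elif parts.scheme != "https":
        findings.append("bad-scheme")
    if not parts.hostname:
        findings.append("missing-host")
    if parts.username or parts.password:
        findings.append("embedded-credentials")  # user:pass@ does not belong in this field
    try:
        parts.port                               # raises ValueError if non-numeric or out of range
    except ValueError:
        findings.append("bad-port")
    if parts.path != EXPECTED_PATH:
        findings.append("unexpected-path")
    org_codes = parse_qs(parts.query).get("orgCode", [])
    if len(org_codes) != 1:                      # an empty orgCode= is dropped by parse_qs
        findings.append("missing-or-duplicate-orgcode")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        "https://sas.example.internal:8443/TokenValidator/TokenValidator.asmx?orgCode=ABC123",
        "http://10.0.0.5/TokenValidator/TokenValidator.asmx?orgCode=ABC123",
        "http(s)://<sas_server_ip>:<port>/TokenValidator/TokenValidator.asmx?orgCode=<OrgCode>",
    ]
    for sample in samples:
        print(sample, "->", check_token_validator_url(sample) or "ok")
```

Run the same check on the value configured for each of the three flows, since each flow has its own configuration.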