Report for Verifying Which Users Have Activated Their CT-KIP Tokens

Document created by David Allison Employee on Mar 17, 2020Last modified by David Allison Employee on Mar 18, 2020
Version 2Show Document
  • View in full screen mode

If you need to know which of your tokens issued with CT-KIP have been activated, there is currently no report in the Security Console that will display this information.  However, there is a PSQL query that can be run to show just this information.

 

NOTE:  This requires setting up a read-only database user in order to run the PSQL query.  Refer to 000027335 - Connecting to or querying the database using pgSQL in RSA Authentication Manager 8.x for instructions on setting up the connection to the read-only database.

 

Once you have this set up, open a terminal or SSH connection to the Primary.  Once you have logged in as rsaadmin, run the following commands (replace rodbuser with the username for your read-only database):

 

cd /opt/rsa/am/pgsql/bin

 

Note that the next line is all one long line of text:

 

./psql -h localhost -p 7050 -d db -U rodbuser -c 'Select ctkipkey_last_downloaded_by, ctkipkey_last_downloaded_on from am_token where ctkipkey_last_downloaded_on is not null;'

 

 

Enter the password for the read-only database user when prompted.  The output will show how many total users were found:

 

output screenshot

 

To save the output as a text file, add  >/tmp/ctkip_report.txt (or similar) to the end of the command.   

 

BONUS:

If you want to output the file straight to CSV format, you would modify the command like this (changes in bold; note the semicolon has been removed after "not null"):

./psql -h localhost -p 7050 -d db -U rodbuser -c "copy (Select ctkipkey_last_downloaded_by, ctkipkey_last_downloaded_on from am_token where ctkipkey_last_downloaded_on is not null) TO STDOUT WITH CSV HEADER " > /tmp/report_ctkip-activations.csv

3 people found this helpful

Attachments

    Outcomes