Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000038850 - Create a report of online emergency access tokencodes and emergency access tokencode lifetimes for RSA Authentication Manager 8.x

Document created by RSA Customer Support

on May 28, 2020

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000038850
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.x
Issue	RSA Authentication Manager does not have a report template that includes the following content under Online Emergency Access: Type of emergency access tokencodes: Temporary fixed tokencode, or Set of one time tokencodes Emergency access tokencode lifetime This article explains how to create such a report using command line.
Resolution	To create the report: Enable Secure Shell on the Appliance. Log On to the Appliance Operating System with SSH. Launch an SSH client, such as PuTTY. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password. During Quick Setup, another username may have been selected. Use that username to log in. login as: rsaadmin Using keyboard-interactive authentication. Password:<enter operating system password> Last login: Mon Apr 20 16:39:41 2020 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am Connect to the RSA Authentication Manager database and enter credentials for the Operations Console administrator when prompted. The .com.rsa.db.dba.password is returned. This password is unique to each deployment of RSA Authentication Manager. rsaadmin@primary:~> cd /opt/rsa/am/utils rsaadmin@primary:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password Please enter OC Administrator username: <enter Operations Console administrator name> Please enter OC Administrator password: <enter Operations Console administrator password> com.rsa.db.dba.password: ijMFjf61f2VZMA2JMBmOnJqUSYsXby Access the database with the com.rsa.db.dba.password captured above: rsaadmin@primary:/opt/rsa/am/utils> cd ../pgsql/bin rsaadmin@primary:/opt/rsa/am/pgsql/bin> ./psql -h localhost -p 7050 -d db -U rsa_dba Password for user rsa_dba: <enter the com.rsa.db.dba.password captured in step 6> psql.bin (9.4.1) SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-SHA, bits: 256, compression: off) Type "help" for help. db=# Run the following query to get both the set of one time tokencodes and temporary fixed tokencodes: db=# SELECT ipd.loginuid, TOKEN_TEMP_STATUS_EXPIRY_DATE, amt.emergency_access_mode, amt.serial_number FROM rsa_rep.ims_principal_data ipd, rsa_rep.am_token amt WHERE ipd.ID= amt.principal_id AND TOKEN_TEMP_STATUS_EXPIRY_DATE is not null; loginuid \| token_temp_status_expiry_date \| emergency_access_mode \| serial_number ----------+-------------------------------+-----------------------+--------------- iman \| 2020-05-26 21:59:00 \| 2 \| 000116033641 (set of one time tokencodes) camerica \| 2020-05-26 21:59:00 \| 1 \| 000116033642 (temporary fixed tokencode) (2 rows) Where, 1 = Temporary fixed tokencode 2 = Set of one time tokencodes To list the temporary fixed tokencode only: db=# SELECT ipd.loginuid, TOKEN_TEMP_STATUS_EXPIRY_DATE, eac_expires_on, amt.serial_number FROM rsa_rep.ims_principal_data ipd, rsa_rep.am_token amt WHERE ipd.ID= amt.principal_id AND amt.EMERGENCY_ACCESS_MODE=1; loginuid \| token_temp_status_expiry_date \| eac_expires_on \| serial_number ----------+-------------------------------+----------------+--------------- camerica \| 2020-05-26 21:59:00 \| \| 000116033642 (1 row) To list a set of one time tokencodes only: db=# SELECT ipd.loginuid, TOKEN_TEMP_STATUS_EXPIRY_DATE, eac_expires_on, amt.serial_number FROM rsa_rep.ims_principal_data ipd, rsa_rep.am_token amt WHERE ipd.ID= amt.principal_id AND amt.EMERGENCY_ACCESS_MODE=2; loginuid \| token_temp_status_expiry_date \| eac_expires_on \| serial_number ----------+-------------------------------+----------------+--------------- iman \| 2020-05-26 21:59:00 \| \| 000116033641 (1 row) For a list of previously configured tokens and users (not enabled for Online Emergency Access anymore): db=# SELECT ipd.loginuid, TOKEN_TEMP_STATUS_EXPIRY_DATE, eac_expires_on, amt.serial_number FROM rsa_rep.ims_principal_data ipd, rsa_rep.am_token amt WHERE ipd.ID= amt.principal_id AND amt.EMERGENCY_ACCESS_MODE=0; loginuid \| token_temp_status_expiry_date \| eac_expires_on \| serial_number ----------+-------------------------------+---------------------+--------------- dstrange \| \| 2020-06-11 23:59:59 \| 000116033640 dstrange \| \| 2019-09-20 23:59:59 \| 000406113859 (2 rows)

Attachments

Outcomes

0 Comments

Recommended Content