Change the Timeframe for Using REST Protocol Authentication Agent Credentials

Document created by RSA Information Design and Development Employee on Jul 27, 2020Last modified by RSA Link Admin on Sep 18, 2020
Version 2Show Document
  • View in full screen mode

After you use the RSA SecurID Authentication API to regenerate agent credentials, REST Protocol authentication agents can use the previous Access ID and Access Key for up to 60 days or a timeframe that you specify. This allows authentication to continue until the agents receive the new credentials. If necessary, you can extend the timeframe.

Note:  If you believe the Access ID and Access Key have been compromised, instead of changing the timeframe, regenerate credentials two times before providing the new credentials to your agents.

Before you begin 

Obtain the rsaadmin operating system password.

Procedure 

  1. Log on to the appliance using an SSH client.
  2. When prompted for the user name and password, enter the operating system User ID, rsaadmin, and the operating system account password.
  3. Change directories:

    cd /opt/rsa/am/utils

  4. To change the number of days that REST protocol authentication agents can use the previous agent credentials, enter:

    ./rsautil store -o admin -a update_config auth_manager.rest_service.old_access_retain_days Number GLOBAL 503

    Where Number is the number of days, for example, 90.

  5. Restart the services on the primary instance. If there are replica instances, restart the services after replication is complete.
    1. c. Change directories:
    2. cd /opt/rsa/am/server

    3. Run the following:
    4. ./rsaserv restart all

 

 

 

 

 

You are here
Table of Contents > RSA SecurID Authentication API for Authentication Agents > Change the Timeframe for Using REST Protocol Authentication Agent Credentials

Attachments

    Outcomes