000026607 - How to programmatically re-enable expired Java Admin API PsoAceAdmin administrator password

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 14, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000026607
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 1.0, 2.0, 5.2, 6.1
IssueThis article explains how to programmatically re-enable an expired Java Admin API user (PsoAceAdmin) administrator password.
The PsoAceAdmin password credential expires periodically, which causes new PIN Mode-related authentication responses from the Authentication Manager to the PsoAceAdmin client application.
PsoAceAdmin sample code does not handle this scenario.
 
ResolutionHere is example code for resetting the existing password.  The added code would follows the initial call to SD_SendPasscode in sample newtest.Java.  Note that print statements are just to demonstrate the values coming back from the Authentication Manager:
?
            List result;
            int resultCode;
            String prompt;
            String no = "n";
?
            admin.SD_Login(args[4]); // an admininstrator login
            result = admin.SD_SendPasscode(args[5] ); // their password
 
//add some ability to handle expired password
            resultCode=( (Integer) result.get(0)).intValue();
            prompt = ((StringBuffer) result.get(1)).toString();
System.out.println("Initial SD_SendPasscode returned: " + prompt + "("+resultCode+")");
            //handle new PIN/expired password mode
            //warning...assuming system PIN policy allows user created PIN/password
            if (resultCode == PsoAceAdmin.ACE_USERPIN)
            {
System.out.println("Handling new PIN request...");
                  result = admin.SD_SendPasscode(no);  //don?t want system-generated PIN
                  resultCode=( (Integer) result.get(0)).intValue();
                  prompt = ((StringBuffer) result.get(1)).toString();
System.out.println("SD_SendPasscode returned: " + prompt + "("+resultCode+")");
            }
 
            //handle the requests for providing and confirming the new PIN/password
            while (resultCode != 0 && resultCode != PsoAceAdmin.ACE_ACCESSOK && resultCode != PsoAceAdmin.ACE_ACCESSDENIED)
            {
System.out.println("Sending in new password.");
                  result = admin.SD_SendPasscode(password );
                  resultCode=( (Integer) result.get(0)).intValue();
                  prompt = ((StringBuffer) result.get(1)).toString();
 
System.out.println("SD_SendPasscode returned: " + prompt + "("+resultCode+")");
            }
?

With a PIN policy of user-created PINs allowed, alphanumeric PINs allowed, and min=4, max=8, you will see the following output:
 
starting
looking for prompt_api_DLL
Initial SD_SendPasscode returned: You must select a new PIN.
Do you want the system to generate
your new PIN? (y/n) [n] (3)
Handling new PIN request...
looking for prompt_api_DLL
SD_SendPasscode returned: Enter a new PIN between 4 and 8 alphanumeric
characters:(5)
Sending in new password.
looking for prompt_api_DLL
SD_SendPasscode returned: Re-enter new PIN to confirm:(9)
Sending in new password.
looking for prompt_api_DLL
SD_SendPasscode returned: PIN accepted. Wait for the tokencode to change, then enter a new PASSCODE:(13)
Sending in new password.
SD_SendPasscode returned: Access OK(15)
NotesSee solution on how to programmatically replace expired PsoAceAdmin administrator password for sample code to reset the expired password to a new value.
Legacy Article IDa46723

Attachments

    Outcomes