000026606 - How to programmatically replace expired PsoAceAdmin administrator password

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 14, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026606
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 1.0, 2.0, 5.2, 6.1
 
IssueHow to programmatically replace expired PsoAceAdmin administrator password with new password
Admin password credential periodically expires which causes new PIN mode-related authentication responses from the Authentication Manager to the PsoAceAdmin client application.
PsoAceAdmin sample code does not handle this scenario.
 
ResolutionHere is example code for replacing the existing password with a new Authentication Manager-generated password.  The added code would follows the initial call to SD_SendPasscode in sample newtest.java.  Note that print statements are just to demonstrate the values coming back from the Authentication Manager:
List result;
int resultCode;
String prompt;
String yes = "y";
...

//handle new PIN/expired password mode
//note that this sample code makes assumptions regarding system PIN policy
if (resultCode == PsoAceAdmin.ACE_USERPIN)
{
System.out.println("Handling new PIN request...");
result = admin.SD_SendPasscode(yes); // Do you want the system to generate your new PIN? (y/n) [n]
resultCode=( (Integer) result.get(0)).intValue();
prompt = ((StringBuffer) result.get(1)).toString();
System.out.println("SD_SendPasscode returned: " + prompt + "("+resultCode+")");
//add another yes repsponse
result = admin.SD_SendPasscode(yes); // ?Are you ready to have the system generate your PIN? (y/n) [n]
resultCode=( (Integer) result.get(0)).intValue();
prompt = ((StringBuffer) result.get(1)).toString();
System.out.println("SD_SendPasscode returned: " + prompt + "("+resultCode+")");
//TODO: parse out and save the generated password from prompt string which equals (for example)
//"Your new PIN is w7vh. Wait for the tokencode to change, then enter a new PASSCODE"
}
//handle the requests for providing and confirming the new PIN/password
while (resultCode != 0 && resultCode != PsoAceAdmin.ACE_ACCESSOK && resultCode != PsoAceAdmin.ACE_ACCESSDENIED)
{
System.out.println("Sending in new password.");
result = admin.SD_SendPasscode(password );
resultCode=( (Integer) result.get(0)).intValue();
prompt = ((StringBuffer) result.get(1)).toString();
System.out.println("SD_SendPasscode returned: " + prompt + "("+resultCode+")");
}

 
 
 
NotesSee the solution on how to programmatically re-enable an expired PsoAceAdmin adminstrator password for similar code to reset the password to its original value.
Legacy Article IDa47454

Attachments

    Outcomes