|Applies To||RSA Authentication Manager 8.1|
|Issue||Error "object not found" reported when trying to unassign or delete a token|
|Cause||Possible causes: migrated users with replacement tokens that were not used for logon, or users that were in the internal database and were exported with tokens to be imported again with an external identity source. It appears that replacement tokens never quite make it if they have never been used.
This issue will be fixed in RSA Authentication Manager 8.1 Patch 1 when it is released.
In the meantime, the steps below update a token so that it can be unassigned in the RSA Security Console.
|Workaround||Use the Export / Import Tokens and Users option to export the user base, then remove the user data from the internal database and import the user and token information back, mapped to an identity source.|
|Notes||Log in to SSH on the Primary
Log on to the RSA AM 8.x Primary local console/SSH session with the ‘rsaadmin’ account.
./rsautil manage-secrets -a get com.rsa.db.dba.password
Enter the OCadmin user and password. This returns the database password, e.g. com.rsa.db.dba.password: vDBh1Rb005S7nX9t304v8jy3eHFFGI, which you will copy and paste in a command below.
./psql -h localhost -p 7050 -d db -U rsa_dba
Paste in the DB password, e.g. vDBh1Rb005S7nX9t304v8jy3eHFFGI (highlight the DB password and right-click to paste).
If successful, you will get the db# prompt.
Run the select and update SQL commands on a token serial number from the db# prompt.
Substitute <token_serial_number> with the actual serial number of the token (including any leading zeros), e.g. 000233022518; the statements below use 000116927651. You can select and paste the whole statement if there are no line feed breaks.
select id, serial_number, replacement_mode, replace_token_sn, tokenreplace_updated_date from rsa_rep.am_token where serial_number = '000116927651';
The select statement will wrap in most SSH sessions, so you only see the end of it.
This is the first part of step 7 in Mostafa’s PDF, Viewing a single token, and it proves you have the correct serial number and the token exists. The second part is updating a single token.
update rsa_rep.am_token set replacement_mode = 0, replace_token_sn = null, tokenreplace_updated_date = null where serial_number ='000116927651';
Now you should be able to go to the Security Console and delete or unassign the token with SN 000116927651, or any other token serial number.
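The select and update above can also be run as one transaction at the db# prompt, so the change is checked before it is committed. This is an added example, not part of the original RSA article: it uses only the table, columns and sample serial number shown above, and assumes the bundled PostgreSQL supports `RETURNING` and that psql's `\x` expanded display is available.

```sql
-- Added example (not from the RSA article).
-- 000116927651 is the sample serial number used on this page; substitute your own,
-- including any leading zeros.

-- psql meta-command: print one column per line so the wide row does not wrap
-- in the SSH session.
\x on

BEGIN;

-- 1. Confirm that exactly one token matches and note its current replacement fields.
SELECT id, serial_number, replacement_mode, replace_token_sn, tokenreplace_updated_date
  FROM rsa_rep.am_token
 WHERE serial_number = '000116927651';

-- 2. Clear the replacement fields. RETURNING prints the row that was actually
--    changed, and psql reports the row count as "UPDATE <n>".
UPDATE rsa_rep.am_token
   SET replacement_mode = 0,
       replace_token_sn = NULL,
       tokenreplace_updated_date = NULL
 WHERE serial_number = '000116927651'
RETURNING id, serial_number, replacement_mode, replace_token_sn, tokenreplace_updated_date;

-- 3. Commit only if psql reported "UPDATE 1" and the returned row is the token
--    selected in step 1.
COMMIT;

-- If the count was 0 or more than 1, or the row is not the expected token,
-- discard the change instead of committing:
-- ROLLBACK;
```

Until `COMMIT` is entered the update is not visible to the Security Console, and `ROLLBACK` leaves the token row exactly as it was.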
|Legacy Article ID||a64536|