|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Authentication method failed, passcode format error
|Cause||An RSA administrator with the right to distribute software tokens can (re)distribute all assigned software tokens; thereby invalidating all currently assigned and working software tokens by regenerating their token with a different seed value. This effectively makes all of the redistributed software tokens into new software tokens with the same serial number, which invalidates every software token until the new token is imported.|
In the screen shot below note that the following warning is issued:
Token selection criteria not specified. All assigned tokens will be selected for issuance and that current software token users cannot authenticate until they update their tokens.
If you click OK, another warning displays:You will issue <number of software tokens> software tokens according to your selection criteria. This job generates new token seeds for these tokens. Existing users of these tokens will no longer be able to authenticate. Users must import the new token data before they can authenticate.
Once the new token seed is issued, the Authentication Manager server will expect authentication requests to use the newly issued tokencode or passcode. Since the old token is still installed on the end user's mobile device or desktop, when a tokencode or passcode is submitted from the device, authentication will fail.
Currently there is no simple or easy way to prevent this from happening. There is currently an RFE in place (AM-30216) to change the bulk distribution of software tokens within Authentication Manager.
There is no rollback option in Authentication Manager if software tokens are redistributed
. The two options to resolve this issue if it happens in your deployment are as follows:
|Notes||In Authentication Manager 6.1 and earlier, the token distribution process was called issuing software tokens.|