|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 6.1
Platform: IBM WebSEAL 6.1.1.x
Platform (Other): IBM Security Access Manager (formerly called IBM Tivoli Access Manager)
|Issue||Users cannot perform Next Tokencode Mode (NTCM) or New Pin Mode (NPM) authenticating with IBM WebSeal.|
Normal authentications work fine.
Underlying WebSeal is the RSA PAM agent. NTCM and NPM work fine with the PAM acetest utility.
Therefore, the problem is specific to using WebSEAL.
|Cause||IBM WebSEAL is not configured to maintain the session setting needed for RSA Agent API to complete multi-transactions (NTCM and NPM).|
|Resolution||To resolve the issue, follow the steps below.|
|Notes||Note that the create-unauth-sessions = yes setting only works in WebSEAL version 22.214.171.124 or later versions.|
If consulting with IBM Support, reference "IBM PMR 40092,122,000" for more information.