|Applies To||RSA SecurID Web Express 1.1|
Microsoft Windows 2000 Server SP3
|Issue||Web Express set PIN option does not prompt for PIN|
User wants to set the PIN after accessing the token request page
User cannot create or change PIN using set PIN link on Token request page
|Cause||RSASecurIDWebExpress folder is protected with SecurID. When the user types the URL for Web Express,|
they are challenged with securID authentication; they authenticate successfully, then click the link for Token request page.
Then, the user click the set PIN link on the left side of the page. User is not prompted with a Challenge or new PIN prompt. This is because the user has valid cookie, since they already passed through the authentication. User will then get a message that reads: "Congratulations. You have been successfully authenticated".
|Resolution||End users are allowed to change their PIN without administrator's intervention on a browser. Only a valid user can change his PIN.|
A user must be validated with SecurID credentials prior to changing the PIN. This can be configured by exclusively protecting the folder "Protected" using the following steps:
1. Unprotect default web site. Unprotect RSASecurIDWebExpress folder
2. Protect the explicitly "Protected" folder under RSASecurID folder. Stop and start the IIS Admin and WWW Publishing services.
3. Launch the browser with http://machinename/RSASecurID WebExpress (this is not protected)
4. Click the link Token Request Page
5. Click set PIN link on the left side
6. You will be prompted for SecurID
For additional details, please refer to Web Express 1.1 Installation and Configuration Manual page 25.
|Legacy Article ID||a15882|