000015181 - AM 7.1 - Redistributing software tokens while retaining current key and tokencode generation.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015181
Applies To AM 7.1.3
Windows 2003, Solaris 10, RHEL 4.7
Currentlly when issuing a software token the "Regenerate the token seed" is checked by default. This feature, when enabled, will generate a uniqely keyed seed record which produces tokencodes unique to that particular issuance. There may be situations where an administrator wants to reissue the token seed such that the previous issuance can still be used and produces valid tokencodes.
There are two ways to issue a software token from the Security Console:

Authentication - SecurID Tokens - Distribute Software Token Jobs - Add New - Distribute token files

Unchecking the "Regenerate the token seed"  functions properly when using this method.

Or:

From the pulldown menu of an assigned Software Token.
If done using this method unchecking the "Regenerate the token seed" does not function properly. The newly generated seed will be uniquely keyed. The tokencodes generated will be uniquely different and the previous installation of this seed will generate tokencodes that are not valid, according to the Authentication Manager.
IssueRe-issuing software token such that new issuance and currently installed software token will generate the same tokencodes.
Software token is reissued from the pull down menu on an assigned token and the "Regenerate the token seed" is unchecked during the process. Authentications from previous installation of this software token  fail with "Incorrect Passcode" failure message.
ResolutionThe fix is included in Hot Fix 5 for SP3, which can be downloaded from the SecurCare OnLine site.
Legacy Article IDa52758

Attachments

    Outcomes