000015960 - Access Manager 6.1: How to invalidate an RSA Access Manager Authentication token using the runtimeAPI

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015960
Applies ToRSA Access Manager 6.1 runtimeAPI
IssueAccess Manager 6.1: How to invalidate an RSA Access Manager Authentication token using the runtimeAPI
When attempting to invalidate the token, the following error is generated:
sirrus.runtime.TokenException: Impersonation is allowed only for administrative user
Cause
You cannot set both SC_IS_VALID=false and SC_BASIC=true in the same request map.
Resolution
The runtimeAPI createToken() call is used to create a token.  The maps you set in the token determine if the token is valid for SSO, or is an invalid token used to invalidate the user session.
You must set the appropriate maps before you create the token, for example:
TokenKeys.SC_IS_VALID, "false");
When creating a valid token, you must set SC_IS_VALID=true, and you also must set at least one authentication type as true (for example SC_BASIC=true).
When invalidating a token, you must set SC_IS_VALID=false, and you also must ensure that no authentication types are set in the map.

For additional information, please refer to the Access Manager 6.1 sdk documentation.
Legacy Article IDa57792

Attachments

    Outcomes