000028924 - AM8: Self-service console doesn't display ODA link

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000028924
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: Linux
O/S Version: Suse Linux
Product Name: RSA-0010010
Product Description: RSA Authentication Manager
IssueThere is a link for On-demand in AM7.1 Self-service console: 
"Get an On-Demand Tokencode" link 
It leads to the page: "Send Me an On-Demand tokencode"
Its URL is: 
https://<FQDN>:7004/console-selfservice/OnDemandOTTLogin.do?action=nvPreEdit
However, there is NO "Get an On-Demand Tokencode" link in Self-Service Console of RSA Authentication Manager 8.x as its predecessor RSA Authentication Manager 7.1 does.

 
CauseThe feature was removed from RSA Authentication Manager 8.0/8.1 or later
ResolutionThis is functioning as designed in RSA Authentication Manager 8.x that there is no link to request On-Demand tokencode in Self-Service Console.
However, the functionality is still existing that the page "Send Me an On-Demand tokencode" can be accessible by direct URL link.

Go to the URL below directly, then it displays "Send Me an On-Demand tokencode" page as it was in AM7.1: 

https://<FQDN>:7004/console-selfservice/OnDemandOTTLogin.do?action=nvPreEdit
WorkaroundOn-Demand tokencode request is normally available through an authentication agent or RADIUS client in AM8.x.
With an on-demand tokencode, the following process occurs on either Authentication Agent or RADIUS client:
1. The user accesses a protected resource, and the agent prompts the user for a User ID and passcode.
2. The user enters his or her User ID and, at the passcode prompt, an On-Demand Authentication (ODA) PIN, not passcode.
When a user who is enabled for the on-demand tokencode service enters an ODA PIN at the passcode prompt, Authentication Manager recognizes that the user is actually making a request for an on-demand tokencode.
3. Authentication Manager sends a tokencode to the user.
4. The authentication agent prompts the user to enter the next tokencode.
5. The user enters the received on-demand tokencode. 

This is covered in RSA Authentication Manager 8.1 Administrator's Guide pages 231-232.

Attachments

    Outcomes