|Applies To||RSA Authentication Manager 8.1.x|
ODA (both email / SMTP or SMS)
various SecurID agents based on 8.x agent API
|Issue||The server will accept ODA tokens up to 60 minutes after the token has been requested|
with a submitted userid and pin. However, the agent's setup in multi-transaction mode
will only allows the token to be submitted within 120 seconds or 2 minutes.
This is the currently by design.
|Resolution||Two options are available when using ODA:|
1. Educate users that they need to submit the token within 2 minutes of requesting it.
2. (Somewhat cumbersome) After the user submits the pin and user id, and receives the token code,
abandon the login session entirely, and create a new authentication session. Since the token
is good for 60 minutes, the user logs in this second time with user id and this time the token.