000029745 - SecurID On-Demand Authentication (ODA) requries submitting the token within two minutes or 120 seconds after the pin is submitted

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029745
Applies ToRSA Authentication Manager 8.1.x
ODA (both email / SMTP or SMS)
various SecurID agents based on 8.x agent API
IssueThe server will accept ODA tokens up to 60 minutes after the token has been requested
with a submitted userid and pin. However, the agent's setup in multi-transaction mode 
will only allows the token to be submitted within 120 seconds or 2 minutes.
This is the currently by design. 
ResolutionTwo options are available when using ODA:
1. Educate users that they need to submit the token within 2 minutes of requesting it.
2. (Somewhat cumbersome) After the user submits the pin and user id, and receives the token code, 
abandon the login session entirely, and create a new authentication session. Since the token
is good for 60 minutes, the user logs in this second time with user id and this time the token.