Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000018687 - How to maintain STATE during RSA SecurID authentication using the agent API

Document created by RSA Customer Support

on Jun 16, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000018687
Applies To	RSA ACE/Agent for Windows RSA ACE/Agent Authentication API Microsoft Windows NT 4.0 SP6 UNIX (AIX, HP-UX, Solaris)
Issue	How to maintain STATE during RSA SecurID authentication using the agent API New PIN mode and Next tokencode do not work
Cause	There is a requirement to 'Maintain state' during an authentication, meaning the end user may have a number of conversations with the agent before a complete authentication takes place
Resolution	When using the asynchronous functions in the API and one authentication takes place, a single thread needs to be created for the authentication session. This thread starts when a user is initially connected, and is finally closed when an authentication (successful or otherwise) has occurred. There are 3 types on conversation (as prototype sequences): 1. Start authentication Send username and PASSCODE Receive Success or Failure result Finish Authentication. 2. Start Authentication Send Username and Tokencode Receive Success plus request for PIN Choose a PIN (User selected or allocated by system) Send this to the ACE/Server Receive Success or Failure result Finish Authentication. 3. Start Authentication Send Username and PASSCODE Receive request for Next Tokencode Send Next Tokencode to the ACE/Server Receive Success or Failure result Finish Authentication The 'Start Authentication' relates to the 'AceInit' function. The 'Finish Authentication' relates to the 'AceClose' function. The very basic rule is that any authentication (of type 1, 2 or 3) will fit between these two function calls. If there is any way that your program can end up calling 'AceInit' as part of the same authentication with the end user, then it has gone wrong. So, the following sequence for one authentication with and end-user should NOT be allowed to happen: Start Authentication AceInit(.......) Send Username and Tokencode Receive request for Next Tokencode Start Authentication AceInit(.......) Send Next Tokencode to the ACE/Server
Legacy Article ID	a3300

Attachments

Outcomes

0 Comments

Recommended Content