000017434 - Error generating CTKIP Credentials for token 'xxxxxxxxxx'. Error: Nickname attribute cannot be empty when NicknameIsCtkipCode is true - RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017434
Applies ToRSA AMBA 1.4.0 Build 942
RSA Authentication Manager 7.1
RSA Authentication Manager 8
IssueThe Goal is to Automatically assign and distribute a sw token using CT-KIP method for an existing user in external identity source (AD) 
Getting the following error message when running the command: "./rsautil AMBulkAdmin -a superadmin -P *** -M *** --lic /tmp/755001032.lic -i test1.csv --ctkip --verbose"

The AMBulkAdminLog.txt shows:
-bash-3.00$ tail -f AMBulkAdminLog.txt
Info : -Leaving getSoftwareTokenDeviceDTO
Error : 2013-10-08 11:06:31 : Line 2 - addTokenToUserAuto -Token xxxxxxxx, not deployed. Reason: Error generating CTKIP Credentials for token xxxxxxxx. Error: Nickname attribute cannot be empty when NicknameIsCtkipCode is true
Failure: 2013-10-08 11:06:31 : Line 2 - addTokenToUserAuto -Token xxxxxxxx assigned but not deployed to ADbob. Reason: Error generating CTKIP Credentials for token xxxxxxxx. Error: Nickname attribute cannot be empty when NicknameIsCtkipCode is true
Info : -Leaving addTokenToUserAuto
Info : -Closing input file
Info : -Closing rejected actions file
Info : -Closing unsupported actions file
Info : -Log File Closed
Info : -Exit code: 3
EOJ : 2013-10-08 11:06:31 - Terminating
CauseThis error occurred because no software token device type was set.
Resolution

The error is somewhat indicative of the problem (no software token device type). There is a separate AMBA command that you have to use Set Software Token Device Type (SSTDT) prior to using one of the provisioning commands.
For example, the below AMBA input successfully generated a CT-KIP email in my test environment. I was able to import into a windows desktop token app using the received URL and activation code:

Action,Key,KeyType,MiscVariable
SSTDT,Desktop PC,FamilyKey,4.0
CIF,Action,DefLogin,TokEnabled,MiscVariable,DeliveryMethod,PinAdded,DeviceSerialNumber
ATUA,tuser,1,4,SMTP,tokencode,ab45d07763842042a011

Some other SSTDT commands for different device types:

For iPhone:

Action,Key,KeyType,MiscVariable
SSTDT,iPhone,FamilyKey,1.3


For a Desktop PC:

Action,Key,KeyType,MiscVariable
SSTDT,Desktop PC,FamilyKey,4.0


For Blackberry:

Action,Key,KeyType,MiscVariable
SSTDT,BlackBerry,FamilyKey,3.0

Legacy Article IDa64805

Attachments

    Outcomes