000021011 - Get Java Auth API sample code to authenticate consistently with 'Requires Name Lock' enabled

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021011
Issue: Cause the Java Auth API sample code to authenticate consistently when "Requires Name Lock" is enabled.
With "Requires Name Lock" disabled, the SecurID Java Authentication SDK sample code authenticates successfully.
With "Requires Name Lock" enabled, authentications may now fail with "ACCESS DENIED, name lock required" logged at the Authentication Manager.
Cause: The sample code as written collects the username to be authenticated from the command line and immediately sends a name lock to the Authentication Manager.
The sample code then prompts for a passcode and sends it to the Authentication Manager once the user has entered it.
If more than 30 seconds have elapsed since the Authentication Manager accepted the name lock, the name lock will have expired and the ACCESS DENIED error message above will appear in the Authentication Manager activity log.
Resolution: Modify the sample code to send the name lock after all user credentials have been gathered:


private void auth() throws Exception
{
        String userName;
        String passCode;
        AuthSession session;

        session = api.createUserSession();
        userName = io.input("Username: ");

        int authStatus = AuthSession.ACCESS_DENIED;

        for (int i = 0; i < 3 && authStatus != AuthSession.ACCESS_OK; i++)
        {
            // don't do the lock yet
            // authStatus = session.lock(userName);

            passCode = io.input("Passcode: ");
            // have everything, now do name lock and send passcode
            authStatus = session.lock(userName);
            authStatus = session.check(userName, passCode);
            authStatus = finalizeAuth(authStatus, session);
            switch (authStatus)
            {
                // ... (the article's excerpt ends here)
            }
        }
}
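
The timing behaviour described under Cause can be reproduced without an Authentication Manager. The following is an added example, not RSA's sample code and not the SDK: SimulatedManager, attempt, the status values, the user name and the passcode are all constructed stand-ins, and the only figure taken from the article is the 30-second name lock expiry.

```java
import java.util.function.LongSupplier;

public class NameLockTimingDemo {
    static final int ACCESS_OK = 0, ACCESS_DENIED = 1;   // constructed values, not the SDK's constants
    static final long LOCK_WINDOW_MS = 30_000;           // 30-second expiry stated in the article

    /** Simplified model of the server side: a check passes only under an unexpired name lock. */
    static class SimulatedManager {
        private final LongSupplier clock;
        private String lockedUser;
        private long lockedAt;

        SimulatedManager(LongSupplier clock) { this.clock = clock; }

        int lock(String user) { lockedUser = user; lockedAt = clock.getAsLong(); return ACCESS_OK; }

        int check(String user, String passCode) {
            boolean fresh = user.equals(lockedUser)
                    && clock.getAsLong() - lockedAt <= LOCK_WINDOW_MS;
            if (!fresh) return ACCESS_DENIED;             // models "name lock required"
            return "constructed-passcode".equals(passCode) ? ACCESS_OK : ACCESS_DENIED;
        }
    }

    /** Runs one attempt; promptDelayMs models how long the user takes to type the passcode. */
    static int attempt(boolean lockBeforePrompt, long promptDelayMs) {
        long[] now = {0};                                 // fake clock so the demo runs instantly
        SimulatedManager mgr = new SimulatedManager(() -> now[0]);
        String user = "jdoe";                             // constructed user name
        if (lockBeforePrompt) mgr.lock(user);             // ordering in the unmodified sample
        now[0] += promptDelayMs;                          // user is typing the passcode
        String passCode = "constructed-passcode";
        if (!lockBeforePrompt) mgr.lock(user);            // ordering after the resolution
        return mgr.check(user, passCode);
    }

    static String label(int status) { return status == ACCESS_OK ? "ACCESS_OK" : "ACCESS_DENIED"; }

    public static void main(String[] args) {
        long[] delays = {5_000, 45_000};                  // one fast and one slow passcode entry
        for (long d : delays) {
            System.out.printf("prompt took %2ds: lock-first=%s, lock-last=%s%n", d / 1000,
                    label(attempt(true, d)), label(attempt(false, d)));
        }
    }
}
```

With the lock sent first, the 45-second prompt is denied even though the passcode is correct; with the lock sent immediately before the check, both delays succeed.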


Legacy Article ID: a38401