000036609 - How to increase the window for extending token lifetime prior to expiration from 15 days in RSA Authentication Manager 8.2 and later

Document created by RSA Customer Support Employee on Aug 13, 2018Last modified by RSA Customer Support Employee on Jun 28, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000036609
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  8.2 or later
  • When trying to extend the token lifetime more than 15 days prior to the token's expiration date, the process fails.
  • By default, Authentication Manager is set to only extend tokens 15 days prior to their expiration date.
ResolutionFollow the steps below to change the 15 day value to n days value:
  1. Launch an SSH client, such as PuTTY.
  2. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to login.

  1. Change the directory to /utils. 

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Tue Aug 28 12:46:44 2018 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~> cd /opt/rsa/am/utils

  1. Type the command ./rsautil store -a update_config auth_manager.extend_token_life.token_days_remaining_for_expiration <number> GLOBAL 503, where number is the number of days before expiration.  For example, we can set the days to 45 days as shown below.

rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil store -a update_config auth_manager.extend_token_life.token_days_remaining_for_expiration 45 GLOBAL 503

  1. When prompted, enter the Operations Console administrator user name and password.

Please enter OC Administrator username: <enter user name for Operations Console administrator>
Please enter OC Administrator password: <enter password for Operations Console administrator>
NOTICE:   Changed the value of configuration parameter 'auth_manager.extend_token_life.token_days_remaining_for_expiration' from '15' to '45' for the instance 'GLOBAL'.  
(1 row)

  1. Restart all RSA Authentication Manager services:

rsaadmin@am82p:/opt/rsa/am/utils> cd /opt/rsa/am/server
rsaadmin@am82p:/opt/rsa/am/server> ./rsaserv restart all

  1. Restart all Authentication Manager services on each replica instance by logging in to each replica instance, and repeating step 5 and step 6.
NotesTo be able to extend the token, you have to be on Authentication Manager 8.2 or later and the token must have been distributed from version 8.2 or later.