000036609 - How to increase the window for extending token lifetime prior to expiration from 15 days in RSA Authentication Manager 8.2 and later

Document created by RSA Customer Support Employee on Aug 13, 2018Last modified by RSA Customer Support Employee on Aug 28, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000036609
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  8.2 or later
  • When trying to extend the token lifetime more than 15 days prior to the token's expiration date, the process fails.
  • By default, Authentication Manager is set to only extend tokens 15 days prior to their expiration date.
ResolutionFollow the below steps to change the 15 day value to n days value:
  1. Launch an SSH client, such as PuTTy.
  2. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to login.

  1. Change the directory to utils. 

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Tue Aug 28 12:46:44 2018 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~> cd /opt/rsa/am/util

  1. Type the command ./rsautil store -a update_config auth_manager.extend_token_life.token_days_remaining_for_expiration <number> GLOBAL 503, where number is the number of days before expiration.  For example, we can set the days to 45 days as shown below.
  2. When prompted, enter the Operations Console administrator user name and password.

rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil store -a update_config auth_manager.extend_token_life.token_days_remaining_for_expiration 45 GLOBAL 503
Please enter OC Administrator username: <enter user name for Operations Console administrator>
Please enter OC Administrator password: <enter password for Operations Console administrator>
psql.bin:/tmp/a8816bc5-08a2-44b2-9883-8d434640a92e7545770739398669438.sql:167: NOTICE:   Changed the value of configuration parameter 'auth_manager.extend_token_life.token_days_remaining_for_expiration' from '15' to '45' for the instance 'GLOBAL'.

(1 row)

  1. Restart all RSA Authentication Manager services:

rsaadmin@am82p:/opt/rsa/am/utils> cd /opt/rsa/am/server
rsaadmin@am82p:/opt/rsa/am/server> ./rsaserv restart all

6- Restart All services on each replica instance. Log on to each replica instance, and repeat step 5 and step 6.
NotesTo be able to extend the token, you have to be on Authentication Manager 8.2 or later and the token must have been distributed from version 8.2 or later.