Hi, our QA team was testing desktop soft token implementations on our testing environment and found an odd issue:
We have set soft token device profiles for all device types. When users attempt to import mac tokens from a desktop pc it fails as expected on the RSA application (message: token not intended for device....).
However, this same request succeed is marked as a success in the back end and on the API. This causes the distributed token's activation code to be marked as 'already used by the user' on the security console and also erroneously makes our web page claim that the import has been a success although it failed on the application.
We have also noticed that this behavior does not exist for non-desktop software tokens such as IOS and Android.
What can be the issue here? We are currently using RSA Authentication Manager 8.3.6