Creating automated test users with a fixed passcode that does not need to be changed on initial logon using RSA Authentication Manager Bulk Admin (AMBA)
Originally Published: 2010-05-22
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
The solution is to add a second step that sets the password change to not required, using a SQL command. This way, the first logon does not enter New PIN Mode to change the assigned fixed passcode. This is extremely useful when creating test accounts in bulk.
Cause
The AMBA command Add User with Password (AUP) has a SetPIN option to set the fixed passcode. Refer to page 43 of the RSA Authentication Manager 8.4 Bulk Administration Utility (AMBA) Guide.
If you are at a version lower than 8.4, be sure to use the correct guide for your deployment.
Resolution
To make these changes, first access SQL on the Authentication Manager primary. Find all the test UserIDs (the loginuid field) in the ims_principal_data table, which shows an internal ID for each UserID. Then look up the password_change_required field for those users in the am_principal table, which does not have loginuid but does have the id field.
Then update password_change_required to false for the users based on their id field in the am_principal table.
Now join this information to run one command. Here is a proof of concept:
- Connect to the Authentication Manager server with an SSH session, through vSphere or a direct connection.
- Log in as the rsaadmin user.
  Note that during Quick Setup another user name may have been selected. Use that user name to log in.
- Navigate to /opt/rsa/am/utils/.
- Run the command rsautil manage-secrets -a get com.rsa.db.dba.password to obtain the com.rsa.db.dba.password.
    rsaadmin@am81p:~> cd /opt/rsa/am/utils/
    rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password
    Please enter OC Administrator username: <enter Operations Console admin user name>
    Please enter OC Administrator password: <enter Operations Console admin password>
    com.rsa.db.dba.password: <output of the com.rsa.db.dba.password for your instance>
- Connect to the PostgreSQL database and run the script:
    rsaadmin@am81p:~> cd /opt/rsa/am/pgsql/bin
    rsaadmin@am81p:~> ./psql -h localhost -p 7050 -d db -U rsa_dba
    Password for user rsa_dba: <enter the com.rsa.db.dba.password in step 4 above>
- This places you at the database prompt. From here run the following commands, noting your values will be different than the ones shown below:
    db=# SELECT id, loginuid FROM rsa_rep.ims_principal_data;
                    id                |   loginuid
    ----------------------------------+---------------
     TrustedApplicationUserDataID     | trustedapp
     3e9cacffdb9110ac0022a0564a9931c1 | @PROXYUSER@
     000000000000000000001000d0021000 | admin
     607854021e02a8c053a790daf3bfc58a | Administrator
     564f4b611e02a8c075e0193ee95d7810 | Affiriplent
     26467d1f1e02a8c0414f18165def167a | csalvati
     8965d0ff1e02a8c04c915328b53a4019 | test1
     ad2f09601e02a8c074652f72ea3ece91 | test2
    (8 rows)

    db=# SELECT id, password_change_required FROM rsa_rep.am_principal;
                    id                | password_change_required
    ----------------------------------+--------------------------
     26467d1f1e02a8c0414f18165def167a | f
     607854021e02a8c053a790daf3bfc58a | f
     564f4b611e02a8c075e0193ee95d7810 | f
     8965d0ff1e02a8c04c915328b53a4019 | t
     ad2f09601e02a8c074652f72ea3ece91 | t
    (5 rows)

    db=# SELECT id, password_change_required FROM rsa_rep.am_principal where id='8965d0ff1e02a8c04c915328b53a4019';
                    id                | password_change_required
    ----------------------------------+--------------------------
     8965d0ff1e02a8c04c915328b53a4019 | t
    (1 row)

    db=# UPDATE am_principal SET password_change_required = 'false' WHERE id='8965d0ff1e02a8c04c915328b53a4019';
    UPDATE 1

    db=# SELECT id, password_change_required FROM rsa_rep.am_principal where id='8965d0ff1e02a8c04c915328b53a4019';
                    id                | password_change_required
    ----------------------------------+--------------------------
     8965d0ff1e02a8c04c915328b53a4019 | f
    (1 row)

    db=# SELECT id, password_change_required FROM rsa_rep.am_principal where id='ad2f09601e02a8c074652f72ea3ece91';
                    id                | password_change_required
    ----------------------------------+--------------------------
     ad2f09601e02a8c074652f72ea3ece91 | t
    (1 row)

    db=# UPDATE am_principal SET password_change_required = 'false' WHERE id='ad2f09601e02a8c074652f72ea3ece91';
    UPDATE 1

    db=# SELECT id, password_change_required FROM rsa_rep.am_principal WHERE id='ad2f09601e02a8c074652f72ea3ece91';
                    id                | password_change_required
    ----------------------------------+--------------------------
     ad2f09601e02a8c074652f72ea3ece91 | f
    (1 row)
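
The session above clears the flag one id at a time. The single joined command that the Resolution text describes could look like the following. This is an added example, not SQL supplied by RSA: the table and column names are the ones shown in the session, while the `test%` pattern is an assumed naming convention for the bulk-created test accounts and the boolean comparison assumes the column type implied by the `t`/`f` output.

```sql
-- Added example (not RSA-supplied). Names come from the session above;
-- 'test%' is an ASSUMED naming convention for the test accounts.
BEGIN;

-- 1. Preview exactly which accounts the update will touch, so that
--    admin or production users are never included by accident.
SELECT d.loginuid, p.id, p.password_change_required
FROM rsa_rep.ims_principal_data AS d
JOIN rsa_rep.am_principal AS p ON p.id = d.id
WHERE d.loginuid LIKE 'test%'
  AND p.password_change_required = true
ORDER BY d.loginuid;

-- 2. Clear the flag for those accounts only, in one statement.
--    RETURNING lists every row changed, for comparison with the preview
--    and for the change record.
UPDATE rsa_rep.am_principal AS p
SET password_change_required = false
FROM rsa_rep.ims_principal_data AS d
WHERE p.id = d.id
  AND d.loginuid LIKE 'test%'
  AND p.password_change_required = true
RETURNING d.loginuid, p.id, p.password_change_required;

-- 3. Run COMMIT only if the RETURNING rows match the preview;
--    otherwise run ROLLBACK instead and narrow the WHERE clause.
COMMIT;
```

Running the preview and the update inside one transaction means a pattern that matches more accounts than intended can be undone with ROLLBACK before anything is written.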