Failing to open the invitation URL on the Prime Self Service Portal
3 years ago
Originally Published: 2023-01-27
Article Number
000068075
Applies To
RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  8.x
Platform (Other): AMIS
Issue
Users cannot open their invitation URLs sent by the Administrators through the Help Desk Admin Portal (HDAP)

The error below appeared in the auth.log file under /opt/rsa/primekit/logs/amis/

2023-01-26T09:01:52,778+0100,com.rsa.ucm.auth,DEBUG,handleAuthenticateResult: resultCode=5
2023-01-26T09:01:52,778+0100,com.rsa.ucm.auth,DEBUG,handleAuthenticateResult: Preparing new_pin_reqired response resultCode=5
2023-01-26T09:01:52,786+0100,com.rsa.ucm.auth,DEBUG,handleAuthenticateResult: Result = <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<authenticationResult>
<PinConfiguration isAlphanumeric="true" maxPinLength="8" minPinLength="4" userSelectable="MustChoosePin"/>
<authenticated>false</authenticated>
<code>5</code>
<failed>false</failed>
<message>NEW_PIN_REQUIRED</message>
</authenticationResult
Cause
There is a misconfigured policy in the AMIS-bind-accounts security domain 
Resolution
Need to update the policies applied to the AMIS-bind-accounts security domain
Steps to follow:
  1. Login to the Primary Security Console
  2. Navigate to Administration > Security Domain > Manage Existing
  3. Edit AMIS-bind-accounts
  4. Under Policies, set SecurID Token Policy to AMIS Token No PIN Expire
  5. Keep the other policies set to default
  6. Save the changes
image.png
 
Workaround
NA
Notes
NA
Don't see what you're looking for?