RSA SecurID Authenticator 6.0 and 6.1 for Windows fails to import aCT-KIP URL
2 years ago
Originally Published: 2024-08-29
Article Number
000072773
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager, SecurID Authenticator 6.0, 6.1 for Microsoft Windows
Issue
There is an issue importing the RSA SecurID tokens via CT-KIP URL on RSA SecurID Authenticator 6.0 and 6.1 for Windows that were distributed using a software token profile with device type Desktop PC 4.x. 
  • When importing the RSA SecurID tokens via CT-KIP URL through an email, the link is not recognized. 
  • The Submit button in the RSA SecurID Authenticator application is greyed out and unclickable. The token cannot be imported.
Cause
When distributing a token via CT-KIP URL using the legacy Desktop PC 4.x device type Software Token Profile, the generated URL is in the following format:  
https://<Your_AM_Server_FQDN>:7004/ctkip/services/CtkipService         or         http://<Your_AM_Server_FQDN>:7004/ctkip/services/CtkipService

However, the RSA SecurID Authenticator for Windows 6.0 and 6.1 accepts only the auto launch URL that starts with the string securidauthenticator, as shown: 
securidauthenticator://ctkip?scheme=https&url=<Your_AM_Server_FQDN>:7004/ctkip/services/CtkipService

 
Resolution
To resolve the issue upgrade to RSA SecurID Authenticator 6.2 or higher. Downloads are available on the RSA Community.

RSA SecurID Authenticator 6.2 and later releases of the Authenticator Application for Microsoft Windows have a fix to the issue so that it  successfully imports the CT-KIP URL that was distributed using the legacy Desktop PC 4.x device type Software Token Profile
Workaround
The workaround below will allow you to import the CT-KIP URL that was distributed using the legacy Desktop PC 4.x device type Software Token Profile onto a device using RSA SecurID Authenticator 6.0 and 6.1:
 
  1. Download the SecurID Authenticator 6.0.1 Microsoft Windows Device Definition File.
  2. Extract the contents of the file. 
  3. In the Security Console, navigate to Authentication > Software Token Profiles > Add New.
  4. Enter the Profile Name and click Import Device Definition File.
  5. Import the Desktop-Windows-SecurID-Authenticator-swtd.xml from the extracted file in step 2.
  6. Click Save
  7. Now when distributing a token using the new Software Token Profile via CT-KIP URL, the URL will be in the format accepted by SecurID Authenticator 6.0 and 6.1 for Windows, and that the SecurID token will be imported successfully. 
Notes
If needed, review this article on how to add a software token profile.

Related Articles

Trending Articles

Don't see what you're looking for?