Users cannot authenticate successfully when the RSA SecurID token is in either Next Tokencode Mode or New PIN Mode when authentications originate from an IBM WebSeal in RSA Authentication Manager 8.x
Originally Published: 2015-10-21
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Platform: IBM WebSEAL 6.1.1.x
Platform (Other): IBM Security Access Manager (formerly called IBM Tivoli Access Manager)
Issue
- Users cannot authenticate successfully when the RSA SecurID token is in either Next Tokencode Mode or New PIN Mode when authentications originate from an IBM WebSeal in RSA Authentication Manager 8.x.
- If the token is not in Next Tokencode Mode or New Pin Mode, authentication is successful.
- Underlying the IBM WebSeal is the RSA Authentication Agent for PAM.
- Both Next Tokencode Mode and New PIN Mode work as expected with the PAM acetest utility.
- Therefore, the problem is specific to using WebSEAL.
Cause
Resolution
- Create a new setting in the WebSEAL configuration.
create-unauth-sessions = yes
- Restart the WebSEAL application.
This will allow for successful authentications when a token is in either Next Tokencode Mode or New PIN Mode.
Notes
If consulting with IBM Support, reference IBM PMR 40092,122,000 for more information.
Related Articles
Cisco Router with IOS 12.2(2)XB/12.2(4)T or later unable to handle New PIN Mode and Next Tokencode Mode Authentications th… Number of Views RSA SecurID end users setting their own PIN or next tokencode on a VPN connection Number of Views New PIN Mode and Next Token Mode fail on Cisco VPN 3000 Concentrator with RSA ACE/Server Number of Views MessageMedia SMS Gateway - On Demand Token Code Delivery Configuration - RSA Ready SecurID Access Implementation Guide Number of Views How long can an Agent wait to send a next tokencode or new pin message? Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
