This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA SecurID® Access Discussions

Browse the SecurID Access discussion board to get product help and collaborate with other users of SecurID Access.
ZahidYaqub
Beginner
Beginner
‎2019-09-25 06:32 AM

RSA CTKIP URLs

I am facing an interesting error. My deployment consist of one primary and one replica instance and also I have webtier Installed.  I have imported soft-tokens and hard tokens. everything is working fine except  ctkip token distribution. I have  question. When I install a web tier server and enable Dynamic seed Provisioning does it automatically move CTKIP service from primary instance to web tier ? and how can i verify on which server ctkip service is running ? 

 

When I I try to Import a token on my phone I get an error " Token Import failed" contact your system admin. 

Labels (1)
0 Likes
Reply
4 Replies
EdwardDavis
Employee
Employee
‎2019-09-25 08:01 AM

CTKIP will be on the webtier if you have enabled that on webtier, and it will also be on the self-service console. You could edit the webtier URL to be the self-service console and port 7004, and either one could do CTKIP. Whichever one is used first will expire that CTKIP link.

Reply
FabioGomes
Beginner
Beginner
In response to EdwardDavis
‎2020-05-26 01:15 PM

Hi Edward,

 

We have Web Tier implemented.

When we try to import CT-KIP software token (QRCode) we got "Token Import Failed" error.

 

The QRCode URL is:

 

http://127.0.0.1/securid/ctkip?scheme=https&url=<OUR LOCAL SERVER>:7004/ctkip/services/CtkipService&...SOME CODE>

 

As our mobile phone can't access our local server, how to set this default URL to point to our Web Tier?

Reply
StevenSpicer
Employee
Employee
In response to FabioGomes
‎2020-05-26 05:35 PM

That is the point of the Virtual Hostname.  You specify an externally visible hostname and get it into public DNS, then that address leads to your webtier hosts. You'll need a commercial SSL certificate or the end user devices may not trust it. 

 

A good place to start is the RSA Authentication Manager 8.4 Setup and Configuration Guide, specifically the chapters on Configuring a Load Balancer and Virtual Host, and Installing Web Tiers.  The Help menu in the Security Console can give you more information as well as step-by-step instructions.

Reply
EdwardDavis
Employee
Employee
In response to FabioGomes
‎2020-05-27 08:06 AM

In the Security Console look up the option in Help Menu to change the CTKIP URL to whatever you want (which will be the webtier). It will be Security Console, setup, system settings, tokens page.

 

pastedImage_3.png

 

 

NOTE: The built-in Self Service Console CT-KIP will remain working and always be port 7004 [ https://primary.name.com:7004/... ] and any time you create a URL that is the webtier, you could change it by hand to be the self service page...both will keep working and the ct-kip token can be delivered by whichever one you use first.

 

This page here sets what URL gets sent to users to retrieve tokens, but the internal one is always up, as well as the webtier.

Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.