SecurID^® Discussions

Hi,

I have a similar, but slightly different problem that was discussed in https://community.rsa.com/thread/193593 which was solved by Ted Barbour‌
We want to distribute tokens automatically (ultimately to automate provisioning via Service Now).
To that end, our team has written a REST API using Java (RSA Authentication Manager 8.1 API), because no such API exists (!).

We are able to provision Hard Tokens just fine.
But with Software Tokens, a bad profile (File Based) is used, instead of the proper one (Dynamic Seed provisioning/CTKIP) (See Attached "00_bad_profile.png")

The Funny thing is that we do not have any filed based profiles defined (it seems that some magic default is used) (See Attached "Profile_List.png"). For completeness, I attached the definition of the Pofiles we have defined (Profile_XY.png).

The idea of our code is to assign a given user the next available soft token using a profile given as string (e. g. "iPhone"):

 

public String assignSoftToken(String username, String profile)
throws Exception {

// check if profile exists
String guid = getSofttokenProfileGUID(profile);
if (guid == null || guid.equals("")) {
logger.error("Software Profile not found");
System.exit(9);
}

String out = assignNextSofttoken(username);
assignSofttokenProfile(out, profile);
distributeSofttoken(out);
return out;
}

To that end, we need to find the GUID of the given profile:

 

private String getSofttokenProfileGUID(String name) throws Exception {

// Check for Windows Phone
if (name.startsWith("Windows")) {
name = "Windows Phone";
}

ListSoftTokenProfilesCommand cmd = new ListSoftTokenProfilesCommand();
cmd.execute();
ListSoftTokenProfilesDTO dtos = cmd.getSoftTokenProfilesDTO();
for (SoftTokenProfileDTO dto : dtos.getSoftTokenProfiles()) {
if (name != null && !name.equals("") && name.equals(dto.getName())) {
return dto.getGuid();
}
}
throw new Exception("Softoken Profile not found");
}

Then we assign the next available soft token:

public String assignNextSofttoken(String username) throws Exception {
// lookup and then ...
String userGuid = lookupUser(username).getGuid();

ListTokenDTO token = null;
try {
token = getNextToken(4);
} catch (Exception e) {
logger.error("No more software token available");
System.exit(5);
}

String[] tokens = new String[] { token.getGuid() };
LinkTokensWithPrincipalCommand cmd2 = new LinkTokensWithPrincipalCommand(
tokens, userGuid);
cmd2.execute();
return token.getSerialNumber();
}

As a result, we get the serial number of the token.

Before distribution, we assign the profile:

 

public void assignSofttokenProfile(String softtokensn,
String softtokenprofile) throws Exception {

ListTokenDTO token = findAssignedsTokensBySN(softtokensn);

String[] tokens = new String[] { token.getGuid() };

LinkSoftTokensWithProfileCommand cmd = new LinkSoftTokensWithProfileCommand();
String softokenguid = getSofttokenProfileGUID(softtokenprofile);
cmd.setSoftTokenProfileGuid(softokenguid);
cmd.setTokenGuids(tokens);
try {
cmd.execute();
} catch (InvalidArgumentException e) {
logger.error("Token is not a software token");
System.exit(4);
}

}

and then we distribute:

 

public void distributeSofttoken(String softtokensn) throws Exception {

TokenDTO dto = retrieveTokenDTO(softtokensn);
String[] tokens = new String[] { dto.getId() };

IssueSoftwareTokensCommand issueCmd = new IssueSoftwareTokensCommand();

DistributeSoftTokenRequest request = new DistributeSoftTokenRequest();
request.setTokenGuids(tokens);
request.setSoftTokenProfileGuid(dto.getSoftTokenProfileId());
request.setDeviceTypePluginModuleName(getSofttokenDeviceTypeName(dto
.getSoftTokenDeviceTypeId()));

issueCmd.setRequest(request);
issueCmd.execute();
}

Now my gut feeling is that dto.getSoftTokenProfileId() does not return the proper profile.

Do you see anything that's wrong here?

Best

Daniel