dynamic seed provisioning
When I use "dynamic seed provisioning" in order to distribute a software token I obtain a strange string:
"http://127.0.0.1/securid/ctkip?scheme=https&url="MY Server FQDN":7004/ctkip/services/CtkipService", is it correct?
Can I use "dynamic seed provisioning" without installing Web-Tier, or is it necessary to implement it?
I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose . From there, scroll to RSA SecurID Access and click Ask A Question. That way your question will appear in the correct space.
Thank you Erica
From: Erica Chalfin
Sent: Friday, October 19, 2018 15:30
To: Roberto Rabolini
Subject: You have been mentioned by Erica Chalfin in Re: dynamic seed provisioning in RSA Link
Dynamic seed provisioning, or CTKIP, does not require a web tier.
If the device can access port 7004 on the primary RSA Authentication Manager, then it can CTKIP a token.
A web tier (and this is when you would need to configure a Virtual Host) is essentially an RSA Authentication Manager self-service portal that can sit on the DMZ (essentially a proxy server) and allow internet access to do CTKIP without being on your inside network. The web tier then has its own private connection to your internal RSA Authentication Manager primary on a separate TCP port (7022).
The 127.0.0.1 URL is correct if the device that is doing CTKIP understands the URL format (there have been some changes over time on some URL formats). So, the best thing to do is: refer to the Software Token admin guide for [device type] and see what the URL format should be, and then you can configure a software token profile and create the appropriate CTKIP link for an end user to click. The 127.0.0.1 instructs the device to pass this string to itself where an internal app is listening (which is the RSA software token app) and then the app does its own real network connection to perform the token download.
On this page you can find the documentation for [device] and it will show 'token delivery methods' and any special URL formatting required to do CTKIP with that device.
CTF (compressed token format) is another option for some devices, where you get a very large 'URL like string' in which the entire token is encoded, and requires zero network connectivity.
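
A pre-distribution check for a link in the format quoted in the question, added here as an example; it is not part of the thread and not RSA's code. It covers only that one format (other device types may need a different one, per the admin guides), and `am.example.internal` is a placeholder FQDN.

```python
import socket
from urllib.parse import urlsplit, parse_qs

# Constants taken from the link and ports quoted in this thread.
HANDOFF_HOST = "127.0.0.1"
HANDOFF_PATH = "/securid/ctkip"
CTKIP_PORT = 7004
SERVICE_PATH = "/ctkip/services/CtkipService"


def check_ctkip_link(link, expected_host):
    """Return a list of problems found in a CTKIP link (empty list = OK)."""
    problems = []
    outer = urlsplit(link)
    if outer.hostname != HANDOFF_HOST or outer.path != HANDOFF_PATH:
        problems.append("outer URL is not the 127.0.0.1/securid/ctkip hand-off")
    query = parse_qs(outer.query)
    scheme = query.get("scheme", [""])[0]
    target = query.get("url", [""])[0]
    if scheme != "https":
        problems.append("scheme parameter is %r, expected 'https'" % scheme)
    # The url parameter carries no scheme; prefix '//' so it parses as host:port/path.
    inner = urlsplit("//" + target)
    try:
        port = inner.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if (inner.hostname or "") != expected_host.lower():
        problems.append("token app would connect to %r, not %r" % (inner.hostname, expected_host))
    if port != CTKIP_PORT:
        problems.append("port is %r, expected %d" % (port, CTKIP_PORT))
    if inner.path != SERVICE_PATH:
        problems.append("service path is %r" % inner.path)
    return problems


def can_reach(host, port=CTKIP_PORT, timeout=3.0):
    """TCP connect test; run it from the network the device will be on."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample link; am.example.internal is a placeholder FQDN.
    sample = ("http://127.0.0.1/securid/ctkip?scheme=https"
              "&url=am.example.internal:7004/ctkip/services/CtkipService")
    print(check_ctkip_link(sample, "am.example.internal") or "link OK")
```

A link that points at 7022 is flagged because, per the reply above, that port is the web tier's private connection to the primary, not the port a device uses for CTKIP.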