This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
AndrePietersen
Beginner
Beginner
‎2016-05-11 07:12 AM

error importing software token in IOS RSA app

all

 

Since the last update of the RSA softtoken app for IOS,(version 2.2) the users can't import a new token.

They receive the following error Token import failed. Error communicating with server. Contact your administrator

On the server side, firewalls etc nothing has changed and importing of tokens in android or windows is flawless.

on the firewall we don't see any drops and I have made a quick capture and can't see any network traffic

 

I am running 3.0 appliances with authentication manager 8.1. sp1 p12

For the software token profile we are using device type iphone 1.3 and the tokens are distributed with CTKIP

In our testing environment I have tried device type IOS 2.x but no success

 

I have reported this issue with our supplier but any suggestions or tips are welcome

 

regards

 

André

Labels (1)
Labels
0 Likes
Reply
17 Replies
KevinDouglas
Respected Contributor Respected Contributor
Respected Contributor
‎2016-05-11 11:45 AM

Hi Andre:  The issue centers on new requirement from Apple.  Certificates need to be upgraded on the Authentication Manager.

See KB 000033062 Importing a new token fails with RSA SecurID Software Token for iOS 2.2

0 Likes
Reply
MarkLallersted1
Beginner
Beginner
‎2016-05-11 03:29 PM

I am having the same issues as Andre.  When I attempt to access the page Kevin has listed I am given an error after authenticating.  Can you provide a different link?

0 Likes
Reply
AndrePietersen
Beginner
Beginner
In response to KevinDouglas
‎2016-05-12 03:53 AM

when looking at the link you provided, it seems configuration option 3 is applicable for us.

however the difference is that we using ctkip with the primairy appliance which is fronted by a Microsoft TMG which function as a loadbalancer..

I have checked the certificate on the loadbalancer and it seems to me that the certificate and protocols meet to all the requirements of apple

 

according to ssllabs

RSA 2048 bits (e 65537) / SHA256withRSA

 

hope to hear from you soon

 

 

 

 

regards Andre

 

 

 

0 Likes
Reply
AndrePietersen
Beginner
Beginner
In response to MarkLallersted1
‎2016-05-12 03:56 AM

mark

I have saved the document, if you give me your email address I can send tit to you

regards

 

andre

0 Likes
Reply
EdwardDavis
Employee
Employee
‎2016-05-12 08:14 AM

in the meantime

if users are down until they get a token installed, 

 

for token distro methods use CTF or file based until the issue is sorted out

0 Likes
Reply
MarkLallersted1
Beginner
Beginner
‎2016-05-12 08:21 AM

Andre,

 

  My email is mlallerstedt@icscanhelp.com, and Edward I appreciate the thoughts on alternative methods for the time being.

0 Likes
Reply
KevinDouglas
Respected Contributor Respected Contributor
Respected Contributor
In response to AndrePietersen
‎2016-05-12 08:30 AM

We are updating the KB.   We have heard that some older loadbalancer's that can take a SHA-256 certificate, cannot successfully negotiate the required Apple ciphersuites.   Take a look at this utility  https://www.ssllabs.com/ssltest/index.html

There's a very popular loadbalancer out their that shows the following error:


Apple ATS 9 / iOS 9  R

Server sent fatal alert: handshake_failure

 

The fix for it is to upgrade the version of the loadbalancer.

0 Likes
Reply
AndrePietersen
Beginner
Beginner
In response to MarkLallersted1
‎2016-05-12 09:29 AM

hello Mark

it should be in your email now.

 

regards

0 Likes
Reply
AndrePietersen
Beginner
Beginner
In response to KevinDouglas
‎2016-05-12 09:32 AM

Hello Kevin

 

I am using ssllabs a lot

can you clarify which loadbalancer shows that error?

because I see the error message when using ssllabs

if you don't want to put in on the board you can email me at andre.pietersen@klm.com

 

by the way I my supplier told me there will be a new app available soon, can you confirm that?

it should fix the errors

 

regards

 

André

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.