On-demand authentication with new or cleared PIN
I'm currently evaluating RSA Authentication Manager 8.2 SP1.
I have On-demand authentication configured using an SMS service and I'm authenticating using Cisco AnyConnect 4.4 and it works pretty much the way I want it.
The only glitch I'm experiencing is when a user has a new or cleared/temporary PIN.
AnyConnect prompts for a new PIN (twice) and the PIN change is successful and the PIN is accepted. It then says "Wait for token to change, then enter the new tokencode".
For some reason, no token code is being sent out via SMS at this point.
This happens only in the logon session where the user is forced to change the PIN. If the user cancels the logon after changing the PIN and then makes a new logon using the newly created PIN everything works as expected.
This would be quite confusing for the end user. Can it be fixed in any way?
That is likely using RADIUS, and this should be what to do:
When it says enter new tokencode [after setting up the new PIN], enter that PIN one more time, and that should then fire the tokencode as expected.
- enter PIN [that will need to be changed]
- get prompted to change PIN
- get prompted to confirm PIN
- get prompted to enter next tokencode, enter the new PIN instead
- now get another prompt to enter next tokencode, and the code should arrive
If the above series works, this is a known issue using RADIUS and ODA in change PIN mode:
AM-30034 ODA Tokencode not sent after pin change
Thanks for your reply.
Yes, I'm using RADIUS and you are absolutely right. Entering the PIN instead of the token code triggers a new token code to be sent.
I take it this will be fixed in a future update then. Meanwhile I will have to adjust the "wait for next token code" message a bit to prevent confusion.
I can't find any more information about "AM-30034 ODA Tokencode not sent after pin change". Is there a link to an article or something that I can track to see when there are any updates?
I've tracked this discussion for a few months and have read every release note regarding AM's. I have not found or seen anything related to AM-30034 in any document or mentioned anywhere.
I am afraid this issue will be resolved in a patch and it will affect our day to day operations.
Can anyone shed more light on this topic?
