SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
New Contributor
New Contributor

On-demand authentication with new or cleared PIN

I'm currently evaluating RSA Authentication Manager 8.2 SP1.

I have On-demand authentication configured using an SMS service and I'm authenticating using Cisco AnyConnect 4.4 and it works pretty much the way I want it.

The only glitch I'm experiencing is when a user has a new or cleared/temporary PIN.

AnyConnect prompts for a new PIN (twice) and the PIN change is successful and the PIN is accepted. It then says "Wait for token to change, then enter the new tokencode".

For some reason, no token code is being sent out via SMS at this point.

This happens only in the logon session where the user is forced to change the PIN. If the user cancels the logon after changing the PIN and then makes a new logon using the newly created PIN everything works as expected.

This would be quite confusing for the end user. Can it be fixed in any way?

Labels (1)
3 Replies

That is likely using radius, and this should be what to do:


When it says enter new tokencode, [after setting up the new pin], enter that pin one

more time, and that should then fire the tokencode as expected.


-enter pin [that will need to be changed]

get prompted to change pin

get prompted to confirm pin

-get prompted to enter next tokencode, enter the new pin instead

-now get another prompt to enter next tokencode, and the code should arrive


If the above series works, this is known issue using radius and ODA and in change pin mode

AM-30034 ODA Tokencode not sent after pin change

Thanks for your reply.

Yes, I'm using radius and you are absolutely right. Entering the pin instead of token code triggers a new token code to be sent.

I take it this will be fixed in a future update then. Meanwhile I will have to adjust the "wait for next token code" message a bit to prevent confusion.

I can't find any more information about "AM-30034 ODA Tokencode not sent after pin change". Is there a link to an article or something that I can track to see when there are any updates?


I've tracked this discussion for a few months and have read every release note regarding AM's. I have not found or see anything related to AM-30034 in any document or mentioned anywhere.


I am afraid this issue will be resolved in a patch and it will affect our day to day operations.


Can anyone shed more light on this topic?