SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

Passcode Format Error with SWIFT integration

Hi All,


we are trying to configure the SWIFT application to send the authentication to the RSA server running version 8.2 SP1 using RADIUS protocol, however on the real time monitor on the RSA server we are getting "Passcode Format Error"


Has any one faced this issue before with the SWIFT integration.

Labels (1)
2 Replies

Typically with radius and passcode format error, the shared secret is not correct.


Confirm by: doing a packet capture of the radius traffic.


Open in wireshark, go to preferences, radius protocol, and put in the shared secret you think should be in use,

and look at packet and the password field. If the correct shared secret is in place, the user-password field will be the passcode. If the secret is incorrect, it will be garbage (which throws passcode format errors).



On the rsa server that gets the incoming radius request…


log in to command line as rsaadmin

become root with



sudo su -

and rsaadmin password again



1) run tcpdump to capture the traffic and save to a pcap file




tcpdump -i eth0 udp port 1812 -nn -s 0 -w /tmp/pcap.cap


here I use port 1812, it may be port 1645


NOTE: you could use host argument to narrow it down further if there

is a lot of radius traffic to weed through


tcpdump -i eth0 udp port 1812 and host ip-of-radius-client -nn -s 0 -w /tmp/pcap.cap



2) do the auth, see the error in rsa log, then ctrl-c out of tcpdump


3) use sftp (winscp, filezilla...putty file transfer..) to log in as rsaadmin

and to move the /tmp/pcap.cap file to a system that runs wireshark and check it out





Hi Edward,


Thanks for the information it was helpful for us. we were able to successfully do the integration.


The issue was that on the SWIFT application there are two admin users LSO and RSO. Each of them will create a subset of the RADIUS shared key on the SWIFT application and on the RSA server you have to provide both subsets as 1 shared key in the RADIUS configuration.


The reason that we were getting the error “Passcode Format Error” is that the customer provided 1 subset only from the shared key so it was not able to decrypt the password field.