This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
TChandler
Contributor
Contributor
‎2020-09-30 03:32 PM

Where does the Token Lifetime Get Assigned?

Jump to solution

We had several hundred software tokens that expired on the same date. We have extended the lifetime of the tokens in question but we would like to know where this lifetime was originally configured in RSA Authentication Manager.

Labels (1)
0 Likes
Reply
1 Solution

Accepted Solutions
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2020-09-30 03:43 PM

Jump to solution

"at the factory" in the token seed record .xml file that was purchased through RSA and downloaded to your site then imported into into the Security Console.

Before AM 8.2, software tokens could not be extended, so you would have been forced to replace, which requires distribution and download to the user device.  Extending tokens avoids that.

So at some point, or a several points over the years, a company would have purchased, downloaded (or received a CD by mail), imported into Security Console and distributed the software token to a user who would have imported the .sdtid file or CKTip URL into their device (PC or smart phone app), set their PIN and worked....until that token expiration date approached.  In the old days they had to get a replacement token and repeat the distribution and import .sdtid file or CTkip URL (QR code is a picture of a CTKip URL), which is why extend software tokens is very useful

View solution in original post

Reply
4 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2020-09-30 03:43 PM

Jump to solution

"at the factory" in the token seed record .xml file that was purchased through RSA and downloaded to your site then imported into into the Security Console.

Before AM 8.2, software tokens could not be extended, so you would have been forced to replace, which requires distribution and download to the user device.  Extending tokens avoids that.

So at some point, or a several points over the years, a company would have purchased, downloaded (or received a CD by mail), imported into Security Console and distributed the software token to a user who would have imported the .sdtid file or CKTip URL into their device (PC or smart phone app), set their PIN and worked....until that token expiration date approached.  In the old days they had to get a replacement token and repeat the distribution and import .sdtid file or CTkip URL (QR code is a picture of a CTKip URL), which is why extend software tokens is very useful

Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2020-09-30 03:45 PM

Jump to solution

The Token Seed record .xml files are digitally signed, so you can read them and see expiration dates, but can't edit them

0 Likes
Reply
TChandler
Contributor
Contributor
In response to JayGuillette
‎2020-09-30 03:50 PM

Jump to solution

Perfect. That's what I needed to know!

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to TChandler
‎2020-10-01 09:25 AM

Jump to solution

For all tokens: The factory expire date will be seen in the Security Console.

 

For Software Tokens: the end user device will always show Dec 2035 as expire date. This is to facilitate

extending token lifetimes (by purchasing new tokens and using the Security Console) and the end user

need to do nothing. The token will expire on time and the AM admin will know, end user just sees authentications fail.

If you extend the token with a new expire date it will produce good authentications again.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.