This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Generate reports for extendable and nonextendable tokens in RSA Authentication Manager 8.2 or later

Article Number

000037102

Applies To

RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  8.2 or later

Issue

  • The Extendable category is not available in the default RSA Authentication Manager report templates. The only way to check on this detail from the UI is by opening the token dashboard from the Security Console (Authentication > SecurID Tokens > Manage Existing). In this dashboard, you will see the Extendable column and a green check when a token is extendable.
  • As this report cannot be generated from within the Security Console UI, the following database queries provide a workaround for generating the reports.

Resolution

  1. Launch an SSH client, such as PuTTy.
  2. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.

During Quick Setup, another username may have been selected. Use that username to log in.

  1. Enter the following command to get the database password:
rsaadmin@am83p:> /opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.db.dba.password: ckg2DBtNZLy80TADWcGqdF0NOJygAQ

The database password will be different for each installation of RSA Authentication Manager.
  1. Use the following queries to generate the reports:
    1. To generate a report of all extendable tokens, regardless of token expiration dates
rsaadmin@am83p:> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( SELECT ipd.loginuid, iis.name, amt.serial_number, amt.token_shutdown_date FROM rsa_rep.ims_principal_data ipd INNER JOIN rsa_rep.ims_identity_source iis ON iis.id = ipd.identity_src_id LEFT JOIN rsa_rep.am_token amt ON amt.principal_id = ipd.id where amt.terminate_date is not null )TO STDOUT WITH CSV HEADER " > /tmp/all_extendableTokens_report.csv
Password for user rsa_dba: <enter the com.rsa.db.dba.password string from above>
 
  1. Use the following query to generate a report of extendable tokens that shut down before a specific expiration date. In the example below, the date is 28 February 2021 and can be changed to any date.
rsaadmin@am83p:> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( SELECT ipd.loginuid, iis.name, amt.serial_number, amt.token_shutdown_date FROM rsa_rep.ims_principal_data ipd INNER JOIN rsa_rep.ims_identity_source iis ON iis.id = ipd.identity_src_id LEFT JOIN rsa_rep.am_token amt ON amt.principal_id = ipd.id where amt.terminate_date is not null AND amt.token_shutdown_date <= '2021-02-28 00:00:00.000') TO STDOUT WITH CSV HEADER " > /tmp/extendableTokens2_report.csv
 
  1. To generate a report of all nonextendable tokens

rsaadmin@am83p:> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( SELECT ipd.loginuid, iis.name, amt.serial_number, amt.token_shutdown_date FROM rsa_rep.ims_principal_data ipd INNER JOIN rsa_rep.ims_identity_source iis ON iis.id = ipd.identity_src_id LEFT JOIN rsa_rep.am_token amt ON amt.principal_id = ipd.id where amt.terminate_date is null ) TO STDOUT WITH CSV HEADER " > /tmp/non_extendableTokens_report.csv
  1. The reports are saved in /tmp. You can copy the reports using the WinSCP application to your local PC and view them using Excel.

Notes

  • Token extension-lifetime is only available for software tokens that are distributed on RSA Authentication Manager 8.2 or later.
  • AM-32003 was opened as a request for enhancement (RFE) to add the extendable token option in the default report templates.


 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-24 12:14 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.