RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
This article provides information on how to generate a report via SQL that lists unassigned tokens in RSA Authentication Manager 8.x.
- Connect to the Authentication Manager server with an SSH session, through vSphere or a direct connection.
- Login as the rsaadmin user.
Note that during Quick Setup another user name may have been selected. Use that user name to login.
- Using WinSCP or FileZilla, copy the attached unassigned_tokens.sql file to /home/rsaadmin.
- Run the command rsautil manage-secrets -a get com.rsa.db.dba.password to obtain the com.rsa.db.dba.password.
rsaadmin@am81p:~> cd /opt/rsa/am/utils/
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password
Please enter OC Administrator username: <enter Operations Console admin user name>
Please enter OC Administrator password: <enter Operations Console admin password>
com.rsa.db.dba.password: <output of the com.rsa.db.dba.password for your instance>
- Connect to the PostgreSQL database and run the script:
rsaadmin@am81p:~> cd /opt/rsa/am/pgsql/bin
rsaadmin@am81p:~> ./psql -h localhost -p 7050 -d db -U rsa_dba -f ~/unassigned_tokens.sql > ~/unassigned_tokens.html
Password for user rsa_dba: <enter the com.rsa.db.dba.password captured above>
- Use WinSCP or FileZilla to copy the unassigned_tokens.html from /home/rsaadmin to your local Windows machine.
As an alternative to running the SQL script, the command can be entered manually by accessing the database as above and running the following SQL query:
SELECT serial_number,token_type,token_subtype,token_shutdown_date FROM rsa_rep.am_token WHERE principal_id is NULL;