This article explains how to convert a file-based RSA SecurID software token from .sdtid (CTF) format to a QR code in Authentication Manager 8.x using Token Converter utility.
Before beginning, make sure Java is installed on your workstation.
- From a command prompt, run java to confirm.
Image description
- Download the RSA SecurID Software Token Converter 3.1 .zip file.
- Navigate to the directory where the TokenConverter310.zip file is located or move the .zip to another directory.
- Unzip the folder contents. It should contain two jar files: TokenConverter and zxing-core-2.1.
- On the Security Console, assign a software token to a user then distribute it as a file-based token.
If you have not distributed software tokens before, you will need to create a software token profile before continuing.
- The file-based token will be in a .zip file named AM_Token.zip.
- Place the .zip in the same directory as the Token Converter files.
- Extract the .sdtid file in the .zip to the directory.
Image description
- Launch a command line prompt and navigate to the Token Converter folder.
- Enter the following command to convert the file-based token from /sdtid to a QR code to be imported on an Android device: java -jar TokenConverter.jar <fileBasedtokenName>.sdtid -android -qr -o qrCode.jpeg. In the image above the sdtid file is named android1x so the command would be:
java -jar TokenConverter.jar android1x.sdtid -android -qr -o qrCode.jpeg
Image description
To convert the .sdtid file for an iOS device, change -android to -ios.
This command creates a file named qrCode.jpeg, an image that will be generated in the same folder that holds the QR code, then it can be scanned from the end user's mobile application.
- If the file-based token is protected by a password, the password should also be provided when entering the command (java -jar TokenConverter.jar <fileBasedtokenName>.sdtid -android -qr -p <password> -o qrCode.jpeg), as follows:
java -jar TokenConverter.jar android1x.sdtid -android -qr -p P4ssw0rd! -o qrCode.jpeg
The user must also enter the password in the RSA SecurID app on the device to import the token.
- If required that the token expires after a required number of days, enter that value at the end of the command -d X, where X is the number of days.
java -jar TokenConverter.jar android1x.sdtid -android -qr -p P4ssw0rd! -o qrCode.jpeg -d 5