How to increase the window for extending token lifetime prior to expiration from 15 days in RSA Authentication Manager 8.2 and later
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 or later
When trying to extend the token lifetime more than 15 days prior to the token's expiration date, the process fails.
By default, Authentication Manager is set to only extend tokens 15 days prior to their expiration date.
Follow the steps below to change the 15-day value to n days:
1. Launch an SSH client, such as PuTTY.
2. Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.
   Note that during Quick Setup another user name may have been selected. Use that user name to log in.
3. Change the directory to /opt/rsa/am/utils.

    login as: rsaadmin
    Using keyboard-interactive authentication.
    Password: <enter operating system password>
    Last login: Tue Aug 28 12:46:44 2018 from jumphost.vcloud.local
    RSA Authentication Manager Installation Directory: /opt/rsa/am
    rsaadmin@am82p:~> cd /opt/rsa/am/utils

4. Type the command ./rsautil store -a update_config auth_manager.extend_token_life.token_days_remaining_for_expiration <number> GLOBAL 503, where <number> is the number of days before expiration. For example, to set the value to 45 days:

    ./rsautil store -a update_config auth_manager.extend_token_life.token_days_remaining_for_expiration 45 GLOBAL 503

5. When prompted, enter the Operations Console administrator user name and password.

    Please enter OC Administrator username: <enter user name for Operations Console administrator>
    Please enter OC Administrator password: <enter password for Operations Console administrator>
    psql.bin:/tmp/a8816bc5-08a2-44b2-9883-8d434640a92e7545770739398669438.sql:167: NOTICE: Changed the value of configuration parameter 'auth_manager.extend_token_life.token_days_remaining_for_expiration' from '15' to '45' for the instance 'GLOBAL'.
    update_config
    ---------------

    (1 row)

6. Restart all RSA Authentication Manager services on the primary. It is not necessary to restart Authentication Manager services on the replicas.

    rsaadmin@am82p:/opt/rsa/am/utils> cd /opt/rsa/am/server
    rsaadmin@am82p:/opt/rsa/am/server> ./rsaserv restart all
To be able to extend the token, you have to be on Authentication Manager 8.2 or later and the token must have been distributed from version 8.2 or later.
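The NOTICE line printed after the update is the record of what was changed, so it is worth checking before the restart. The following is an added example, not RSA code: check_extend_window is a hypothetical helper name, the sample transcript is constructed from the output shown above, and it assumes the session output has been saved to a file.

```shell
#!/bin/sh
# Added example, not RSA code. check_extend_window is a hypothetical helper name.
PARAM='auth_manager.extend_token_life.token_days_remaining_for_expiration'

# Constructed sample modelled on the output shown on this page (temp file name shortened).
SAMPLE_OUTPUT="psql.bin:/tmp/example.sql:167: NOTICE:  Changed the value of configuration parameter '$PARAM' from '15' to '45' for the instance 'GLOBAL'.
 update_config
---------------

(1 row)"

# Usage: check_extend_window EXPECTED_DAYS < captured_output
# Prints "old new instance" taken from the NOTICE line.
# Returns 0 if the NOTICE reports EXPECTED_DAYS for the GLOBAL instance,
# 1 on a mismatch, 2 if no NOTICE line is present, 3 on a non-numeric argument.
check_extend_window() {
    expected=$1
    case $expected in
        ''|*[!0-9]*) echo "expected days must be a whole number" >&2; return 3 ;;
    esac
    # Keep only the last matching NOTICE in case the command was run more than once.
    notice=$(grep -F "Changed the value of configuration parameter '$PARAM'" | tail -n 1) || true
    if [ -z "$notice" ]; then
        echo "no change NOTICE found for $PARAM" >&2
        return 2
    fi
    # Extract the quoted values that follow "from", "to" and "for the instance".
    old=$(printf '%s\n' "$notice" | sed -n "s/.* from '\([^']*\)' to '.*/\1/p")
    new=$(printf '%s\n' "$notice" | sed -n "s/.* to '\([^']*\)' for the instance.*/\1/p")
    inst=$(printf '%s\n' "$notice" | sed -n "s/.* for the instance '\([^']*\)'.*/\1/p")
    printf '%s %s %s\n' "$old" "$new" "$inst"
    if [ "$new" = "$expected" ] && [ "$inst" = "GLOBAL" ]; then
        return 0
    fi
    return 1
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | check_extend_window 45
```

A non-zero return means the saved output does not show the intended value for the GLOBAL instance, and the change should be reviewed before the services are restarted.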