This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

This token type is not allowed error in RSA Authentication Manager 8.x Self-Service Console

Article Number

000013054

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition:  8.x

Issue

The error following message shows in the Self-Service Console when requesting a token:

This-token-type-is-not-allowed-in-UCM

The <hostname>_server.log is located in /opt/rsa/am/server/logs.  It will show the following error while creating a self-service request for enrollment with hardware token:
com.rsa.command.exception.InvalidArgumentException: This token type is not allowed in UCM
   at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:217)
   at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:338)
   at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:252)
   at com.rsa.command.CommandServer_qt4u4w_EOImpl_1000_WLStub.executeFrameworkManagedTx(Unknown Source)
   at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:219)
   at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:168)
   at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
   at weblogic.security.service.SecurityManager.runAs(Unknown Source)
  at weblogic.security.Security.runAs(Security.java:61)

Cause

Before using the self-service-request samples you must first configure the desired setting for how your self-service system will work. 

The file in question come with the RSA Authentication Manager 8.x SDK that is available in the extras.zip.  Review 000034558 - How to download RSA Authentication Manager 8.x full kits and service packs from RSA Link for steps to download.

These settings are found in the Security Console under Setup > Self Service Settings > Manage Authenticators in RSA Authentication Manager 8.x and above
 
This error can also happen when not using the SDK.  A customer can set up Credential Manager > Manage Tokens to allow users to request one type of token (for example, Desktop PC 4.0) but when the user goes to the Self-Service Console he selects Generic AES.  Since this is not an approved token type, the error message of "This token type is not allowed in UCM" will display.  To resolve the issue simply add the correct token type.

Resolution

This specific error is cause because the sample code generates a request for a hardware token but the self-service system (Credential Manager) has not been configured to enable hardware tokens to be requested.  This option is handled on the Manage Tokens link under the Token Provisioning section and the option to allow users to Allow users to request Standard Cards should be enabled.

Workaround

A workaround would be to run the SDK example code CreateSelfServiceRequest.class.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 05:55 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.