I have a new user using a software token configured for an Android logging in for the first time. He is logging the message "New pin cancelled for user" when attempting to complete the PIN setting process.
Any ideas what would trigger this message. I have personally never seen it before.
Well, could be user error if the software token is 'pin integrated into passcode' and user
is making mistakes on how to set up pins on it
could be the agent they are using has a bug, and cannot actually do new pins
(some versions of vpn we know have had bugs where it won't work and we have
to wait for that vpn vendor to fix it)
suggestion: clear any pin for this user, and have them set it up with new pin
by logging into the self-service console web page. The page is guaranteed to be able to do it, and if
they cannot set up a new pin here, you know it is a user problem or something
not related to the device or agent they are using where it fails. The SSC helps isolate problems.
overall ....pin setup is usually
-get the tokencode and log in with that
-get prompted to set up a new pin, you enter a new pin twice
-then you get prompted to wait for the code to change, and enter next passcode. this could
means you enter the new pin into the android, and also be sure to wait 1 minute for the
codes to roll over, and then enter those new 8 digits as a passcode and that should work
-----------------------------
users need to know the term tokencode means digits from a token that no pin is involved in any way
a passcode means digits from a token and a pin is also involved
-handheld token
tokencode is the digits on the display only,
passcode is pin typed out, then the tokencode from the display
-software token that is set up as 'keyfob style', works same as hardware token
-software token that is set up 'pin-incorporated-into-tokencode' is different
the tokencode is the software token displayed digits when you enter no pin, or a pin of 0000
the passcode is the software token displayed digits after you enter a pin into the software token app,
it still just displays the same number of digits, but a pin is mathematically hidden in those digits
only the user and the RSA server knows if those digits has a pin lumped in or not