AnsweredAssumed Answered

How to distribute an assigned software token in Java using the RSA AM 8.1 API

Question asked by Ran Yohai on Oct 9, 2017
Latest reply on Oct 26, 2017 by Daniel Oderbolz

Like • Show 0 Likes0
Comment • 8

Hi,

I have to have the ability in Java to distribute a software token (SecureID token), which has already been assigned to a user, using the RSA Authentication Manager 8.1 API.

Here are two of my attempts to do so, without any success:

First attempt


LookupTokenCommand tokenCmd = new LookupTokenCommand();
tokenCmd.setSerialNumber(tokenSerialNumber);
tokenCmd.execute();
String tokenGuid = tokenCmd.getToken().getId();

String[] tokensGuids = new String[1];
tokensGuids[0] = tokenGuid;

AMTokenAttributeValueDTO[] attributes = new AMTokenAttributeValueDTO[2];
attributes[0] = new AMTokenAttributeValueDTO();
attributes[0].setTokenGUID(tokenGuid);
attributes[0].setId("DeviceSerialNumber");
attributes[0].setValue("blablabla");
attributes[1] = new AMTokenAttributeValueDTO();
attributes[1].setTokenGUID(tokenGuid);
attributes[1].setId("Nickname");
attributes[1].setValue("ran test");

DistributeSoftTokenRequest request = new DistributeSoftTokenRequest();
request.setSoftTokenProfileGuid(requiredProfile.getGuid());
request.setTokenGuids(tokensGuids);
request.setProtectedMethod(DistributeSoftTokenRequest.ST_PROTECTED_NONE);
request.setOutputMethod(DistributeSoftTokenRequest.ST_OUTPUT_ONE_PER_FILE);
request.setCopyProtected(true);
request.setRegenerateSeed(true);
request.setDeviceTypeGuid(requiredDeviceType.getGuid());
request.setDeviceType("Android");
request.setTokenAttrValueDTOs(attributes);

IssueSoftwareTokensCommand issueCmd = new IssueSoftwareTokensCommand(request);
issueCmd.execute(); // <- Here I get an error

Error message:

com.rsa.command.exception.InvalidArgumentException: Missing device type

Second attempt


LookupTokenCommand tokenCmd = new LookupTokenCommand();
tokenCmd.setSerialNumber(tokenSerialNumber);
tokenCmd.execute();
String tokenGuid = tokenCmd.getToken().getId();

String[] tokensGuids = new String[1];
tokensGuids[0] = tokenGuid;

IssueSoftwareTokensCommand issueCmd = new IssueSoftwareTokensCommand();
IssueSoftTokenRequest req = new IssueSoftTokenRequest();
req.setTokenGuids(tokensGuids);
req.setProtectedMethod(IssueSoftTokenRequestBase.ST_PROTECTED_NONE);
issueCmd.setRequest(req);
issueCmd.execute(); // <- Here I get an error

Error message:

com.rsa.command.exception.InvalidArgumentException: Missing device type

Thanks in advance for any help!

Ran

Ted Barbour

Oct 10, 2017 1:45 PM

Correct Answer

Hi Ran - one thing I notice is no call to DistributeSoftTokenRequest.setDeviceTypePluginModuleName().

Also your code snippet does not show how your variable requiredDeviceType was obtained.

Here is some EXAMPLE code that has worked in the past. Hopefully you can incorporate the necessary pieces into your code:

// Get token GUID
LookupTokenCommand LTC = new LookupTokenCommand();
LTC.setSerialNumber("000132251664");
LTC.execute();

TokenDTO token= LTC.getToken();
String GUID = token.getId();

//Get software token profile GUID
ListSoftTokenProfilesCommand LSPC = new ListSoftTokenProfilesCommand();
LSPC.execute();
ListSoftTokenProfilesDTO ProfilesList = LSPC.getSoftTokenProfilesDTO();
SoftTokenProfileDTO[] Profiles = ProfilesList.getSoftTokenProfiles();
String ProfileName="Desktop_PC_5";
String ProfileGUID="";
for (SoftTokenProfileDTO Profile : Profiles)
{
if (Profile.getName().equals(ProfileName))
{
ProfileGUID=Profile.getGuid();
break;
}
}

// Get Token Device Type
LookupSoftTokenDeviceTypeCommand devType = new LookupSoftTokenDeviceTypeCommand();
devType.setSoftTokenDeviceTypeGuid(token.getSoftTokenDeviceTypeId());
devType.execute();
SoftTokenDeviceTypeDTO dt = devType.getSoftTokenDeviceTypeDTO();

// Distribute token
DistributeSoftTokenRequest req = new DistributeSoftTokenRequest();
req.setSoftTokenProfileGuid(ProfileGUID);
req.setTokenGuids(new String[] {GUID});
req.setProtectedMethod(IssueSoftTokenRequestBase.ST_PROTECTED_NONE);
req.setDeviceTypeGuid(token.getSoftTokenDeviceTypeId());
req.setDeviceTypePluginModuleName(dt.getPluginModuleName());
IssueSoftwareTokensCommand issueCmd = new IssueSoftwareTokensCommand(req);
issueCmd.execute(session);

See the reply in context

No one else had this question

Outcomes

Ted Barbour

Oct 10, 2017 1:45 PM

Hi Ran - one thing I notice is no call to DistributeSoftTokenRequest.setDeviceTypePluginModuleName().

Also your code snippet does not show how your variable requiredDeviceType was obtained.

Here is some EXAMPLE code that has worked in the past. Hopefully you can incorporate the necessary pieces into your code:

// Get token GUID
LookupTokenCommand LTC = new LookupTokenCommand();
LTC.setSerialNumber("000132251664");
LTC.execute();

2 people found this helpful

Actions

Erica Chalfin

@ Ted Barbour on Oct 10, 2017 1:49 PM

Thanks, Ted Barbour!

Actions

Ran Yohai @ Ted Barbour on Oct 15, 2017 9:34 AM

Thank you Ted!

As you said, a calling to DistributeSoftTokenRequest.setDeviceTypePluginModuleName method was missing.

Once I've added it, it worked.

Actions

Kwame Darkwah @ Ted Barbour on Oct 18, 2017 11:22 PM

This was very helpful; however, can you also indicate the correct way to assign/set the "DeviceSerialNumber" and "Nickname" attributes against to token using the API. Performing the operation as indicated in the original posters example does appear to work.

Actions

Ted Barbour

@ Kwame Darkwah on Oct 19, 2017 11:49 AM

Here is some example/test code that may help you craft something for your environment:

LookupTokenCommand lookup = new LookupTokenCommand();
lookup.setGuid(tokens[i].getGuid()); //tokens from a SearchTokensCommand execution
lookup.execute();
TokenDTO token = lookup.getToken();

AMTokenAttributeValueDTO[] attrs = token.getSoftTokenDeviceTypeAttrValueDTOs();
if (attrs.length == 0) System.out.println("No token attributes");
for (int j=0; j < attrs.length; j++)
{
LookupAMAttributeDefinitionCommand defLookup = new LookupAMAttributeDefinitionCommand();
defLookup.setGuid(attrs[j].getAttrDefGUID());
defLookup.execute();
AMAttributeDefinitionDTO def = defLookup.getDTO();
System.out.println("attribute name = " + def.getAttrName());
System.out.println("attribute value = " + attrs[j].getValue());

//test setting the DeviceSerialNumber
if (def.getAttrName().equals("DeviceSerialNumber"))
{
    System.out.println("Setting DeviceSerialNumber");
    attrs[j].setValue("somebody@example.com");
    UpdateTokenCommand update = new UpdateTokenCommand();
    update.setToken(token);
    update.execute();
}
}

Actions

Kwame Darkwah @ Ted Barbour on Oct 19, 2017 2:13 PM

This solution worked beautifully; thank you for the quick turnaround.

Actions

Ted Barbour

@ Kwame Darkwah on Oct 19, 2017 2:16 PM

Great, glad to hear that was useful to you.

Good luck with your development efforts.

Ted

Actions

Daniel Oderbolz @ Ted Barbour on Oct 26, 2017 3:29 AM

Thanks a lot for this end-to-end example. This is clearly missing in the documentation!

We have the effect that the soft tokens get assigned an inexistent profile (file-based instead of QR Code based).

This means that users cannot activate these tokens in the App (and our servicedesk has a lot to do by hand).

Here is the function we use to distribute the tokens:

public void distributeSofttoken(String softtokensn) throws Exception {

TokenDTO dto = retrieveTokenDTO(softtokensn);
String[] tokens = new String[] { dto.getId() };

IssueSoftwareTokensCommand issueCmd = new IssueSoftwareTokensCommand();

DistributeSoftTokenRequest request = new DistributeSoftTokenRequest();
request.setTokenGuids(tokens);
request.setSoftTokenProfileGuid(dto.getSoftTokenProfileId());
request.setDeviceTypePluginModuleName(getSofttokenDeviceTypeName(dto
.getSoftTokenDeviceTypeId()));

issueCmd.setRequest(request);
issueCmd.execute();
}

If I am right, the only missing thing is

req.setProtectedMethod(IssueSoftTokenRequestBase.ST_PROTECTED_NONE);

What difference will this line of code make?

Best

Daniel

Actions

Incoming Links

Distribution of Software Tokens via API fails (no QR Code shown)

8 Replies

Ted Barbour Oct 10, 2017 1:45 PM
Unmark Correct
Correct Answer
Hi Ran - one thing I notice is no call to DistributeSoftTokenRequest.setDeviceTypePluginModuleName().
Also your code snippet does not show how your variable requiredDeviceType was obtained.
Here is some EXAMPLE code that has worked in the past. Hopefully you can incorporate the necessary pieces into your code:

// Get token GUID
LookupTokenCommand LTC = new LookupTokenCommand();
LTC.setSerialNumber("000132251664");
LTC.execute();
TokenDTO token= LTC.getToken();
String GUID = token.getId();

//Get software token profile GUID
ListSoftTokenProfilesCommand LSPC = new ListSoftTokenProfilesCommand();
LSPC.execute();
ListSoftTokenProfilesDTO ProfilesList = LSPC.getSoftTokenProfilesDTO();
SoftTokenProfileDTO[] Profiles = ProfilesList.getSoftTokenProfiles();
String ProfileName="Desktop_PC_5";
String ProfileGUID="";
for (SoftTokenProfileDTO Profile : Profiles)
{
if (Profile.getName().equals(ProfileName))
{
ProfileGUID=Profile.getGuid();
break;
}
}

// Get Token Device Type
LookupSoftTokenDeviceTypeCommand devType = new LookupSoftTokenDeviceTypeCommand();
devType.setSoftTokenDeviceTypeGuid(token.getSoftTokenDeviceTypeId());
devType.execute();
SoftTokenDeviceTypeDTO dt = devType.getSoftTokenDeviceTypeDTO();

// Distribute token
DistributeSoftTokenRequest req = new DistributeSoftTokenRequest();
req.setSoftTokenProfileGuid(ProfileGUID);
req.setTokenGuids(new String[] {GUID});
req.setProtectedMethod(IssueSoftTokenRequestBase.ST_PROTECTED_NONE);
req.setDeviceTypeGuid(token.getSoftTokenDeviceTypeId());
req.setDeviceTypePluginModuleName(dt.getPluginModuleName());
IssueSoftwareTokensCommand issueCmd = new IssueSoftwareTokensCommand(req);
issueCmd.execute(session);
2 people found this helpful
Like • Show 3 Likes3
Actions
- Erica Chalfin @ Ted Barbour on Oct 10, 2017 1:49 PM
  Mark Correct
  Correct Answer
  Thanks, Ted Barbour!
  Like • Show 0 Likes0
  Actions
- Ran Yohai @ Ted Barbour on Oct 15, 2017 9:34 AM
  Mark Correct
  Correct Answer
  Thank you Ted!
  As you said, a calling to DistributeSoftTokenRequest.setDeviceTypePluginModuleName method was missing.
  Once I've added it, it worked.
  Like • Show 0 Likes0
  Actions
- Kwame Darkwah @ Ted Barbour on Oct 18, 2017 11:22 PM
  Mark Correct
  Correct Answer
  This was very helpful; however, can you also indicate the correct way to assign/set the "DeviceSerialNumber" and "Nickname" attributes against to token using the API. Performing the operation as indicated in the original posters example does appear to work.
  Like • Show 0 Likes0
  Actions
  - Ted Barbour @ Kwame Darkwah on Oct 19, 2017 11:49 AM
    Mark Correct
    Correct Answer
    Here is some example/test code that may help you craft something for your environment:
    
    LookupTokenCommand lookup = new LookupTokenCommand();
    lookup.setGuid(tokens[i].getGuid()); //tokens from a SearchTokensCommand execution
    lookup.execute();
    TokenDTO token = lookup.getToken();
    
    AMTokenAttributeValueDTO[] attrs = token.getSoftTokenDeviceTypeAttrValueDTOs();
    if (attrs.length == 0) System.out.println("No token attributes");
    for (int j=0; j < attrs.length; j++)
    {
    LookupAMAttributeDefinitionCommand defLookup = new LookupAMAttributeDefinitionCommand();
    defLookup.setGuid(attrs[j].getAttrDefGUID());
    defLookup.execute();
    AMAttributeDefinitionDTO def = defLookup.getDTO();
    System.out.println("attribute name = " + def.getAttrName());
    System.out.println("attribute value = " + attrs[j].getValue());
    
    //test setting the DeviceSerialNumber
    if (def.getAttrName().equals("DeviceSerialNumber"))
    {
        System.out.println("Setting DeviceSerialNumber");
        attrs[j].setValue("somebody@example.com");
        UpdateTokenCommand update = new UpdateTokenCommand();
        update.setToken(token);
        update.execute();
    }
    }
    Like • Show 1 Like1
    Actions
    - Kwame Darkwah @ Ted Barbour on Oct 19, 2017 2:13 PM
      Mark Correct
      Correct Answer
      This solution worked beautifully; thank you for the quick turnaround.
      Like • Show 0 Likes0
      Actions
      - Ted Barbour @ Kwame Darkwah on Oct 19, 2017 2:16 PM
        Mark Correct
        Correct Answer
        Great, glad to hear that was useful to you.
        Good luck with your development efforts.
        
        Ted
        Like • Show 0 Likes0
        Actions
- Daniel Oderbolz @ Ted Barbour on Oct 26, 2017 3:29 AM
  Mark Correct
  Correct Answer
  Thanks a lot for this end-to-end example. This is clearly missing in the documentation!
  We have the effect that the soft tokens get assigned an inexistent profile (file-based instead of QR Code based).
  This means that users cannot activate these tokens in the App (and our servicedesk has a lot to do by hand).
  
  Here is the function we use to distribute the tokens:
  
  public void distributeSofttoken(String softtokensn) throws Exception {
  TokenDTO dto = retrieveTokenDTO(softtokensn);
  String[] tokens = new String[] { dto.getId() };
  IssueSoftwareTokensCommand issueCmd = new IssueSoftwareTokensCommand();
  DistributeSoftTokenRequest request = new DistributeSoftTokenRequest();
  request.setTokenGuids(tokens);
  request.setSoftTokenProfileGuid(dto.getSoftTokenProfileId());
  request.setDeviceTypePluginModuleName(getSofttokenDeviceTypeName(dto
  .getSoftTokenDeviceTypeId()));
  issueCmd.setRequest(request);
  issueCmd.execute();
  }
  
  If I am right, the only missing thing is
  
  req.setProtectedMethod(IssueSoftTokenRequestBase.ST_PROTECTED_NONE);
  
  What difference will this line of code make?
  Best
  Daniel
  Like • Show 0 Likes0
  Actions