
Distribution of Software Tokens via API fails (no QR Code shown)

Question asked by Daniel Oderbolz on Oct 31, 2017
Latest reply on Nov 10, 2017 by Daniel Oderbolz


Hi,

I have a similar, but slightly different, problem to the one that was discussed in https://community.rsa.com/thread/193593, which was solved by Ted Barbour.
We want to distribute tokens automatically (ultimately to automate provisioning via Service Now).
To that end, our team has written a REST API using Java (RSA Authentication Manager 8.1 API), because no such API exists (!).

We are able to provision Hard Tokens just fine.
But with Software Tokens, a bad profile (File Based) is used instead of the proper one (Dynamic Seed provisioning/CTKIP) (see attached "00_bad_profile.png").

The funny thing is that we do not have any file-based profiles defined (it seems that some magic default is used) (see attached "Profile_List.png"). For completeness, I attached the definition of the profiles we have defined (Profile_XY.png).

The idea of our code is to assign a given user the next available soft token using a profile given as string (e.g. "iPhone"):

    public String assignSoftToken(String username, String profile)
            throws Exception {

        // check if profile exists
        String guid = getSofttokenProfileGUID(profile);
        if (guid == null || guid.equals("")) {
            logger.error("Software Profile not found");
            System.exit(9);
        }

        // assign the next free token, link the profile to it, then distribute it
        String out = assignNextSofttoken(username);
        assignSofttokenProfile(out, profile);
        distributeSofttoken(out);
        return out; // serial number of the assigned token
    }

To that end, we need to find the GUID of the given profile:

    private String getSofttokenProfileGUID(String name) throws Exception {

        // Check for Windows Phone (null-safe, so a missing name ends in the
        // "not found" exception below instead of a NullPointerException)
        if (name != null && name.startsWith("Windows")) {
            name = "Windows Phone";
        }

        // list all software token profiles and match on the profile name
        ListSoftTokenProfilesCommand cmd = new ListSoftTokenProfilesCommand();
        cmd.execute();
        ListSoftTokenProfilesDTO dtos = cmd.getSoftTokenProfilesDTO();
        for (SoftTokenProfileDTO dto : dtos.getSoftTokenProfiles()) {
            if (name != null && !name.equals("") && name.equals(dto.getName())) {
                return dto.getGuid();
            }
        }
        throw new Exception("Softoken Profile not found");
    }

Then we assign the next available soft token:

    public String assignNextSofttoken(String username) throws Exception {
        // lookup and then ...
        String userGuid = lookupUser(username).getGuid();

        // fetch the next unassigned token
        ListTokenDTO token = null;
        try {
            token = getNextToken(4);
        } catch (Exception e) {
            logger.error("No more software token available");
            System.exit(5);
        }

        // link the token to the user
        String[] tokens = new String[] { token.getGuid() };
        LinkTokensWithPrincipalCommand cmd2 = new LinkTokensWithPrincipalCommand(
                tokens, userGuid);
        cmd2.execute();
        return token.getSerialNumber();
    }

As a result, we get the serial number of the token.

Before distribution, we assign the profile:

    public void assignSofttokenProfile(String softtokensn,
            String softtokenprofile) throws Exception {

        // find the assigned token by its serial number
        ListTokenDTO token = findAssignedsTokensBySN(softtokensn);

        String[] tokens = new String[] { token.getGuid() };

        // link the token to the profile resolved from the profile name
        LinkSoftTokensWithProfileCommand cmd = new LinkSoftTokensWithProfileCommand();
        String softokenguid = getSofttokenProfileGUID(softtokenprofile);
        cmd.setSoftTokenProfileGuid(softokenguid);
        cmd.setTokenGuids(tokens);
        try {
            cmd.execute();
        } catch (InvalidArgumentException e) {
            logger.error("Token is not a software token");
            System.exit(4);
        }

    }

And then we distribute:

    public void distributeSofttoken(String softtokensn) throws Exception {

        // re-read the token by serial number
        TokenDTO dto = retrieveTokenDTO(softtokensn);
        String[] tokens = new String[] { dto.getId() };

        IssueSoftwareTokensCommand issueCmd = new IssueSoftwareTokensCommand();

        // the profile GUID and device type are taken from the token DTO here,
        // not from the profile name passed to assignSoftToken()
        DistributeSoftTokenRequest request = new DistributeSoftTokenRequest();
        request.setTokenGuids(tokens);
        request.setSoftTokenProfileGuid(dto.getSoftTokenProfileId());
        request.setDeviceTypePluginModuleName(getSofttokenDeviceTypeName(dto
                .getSoftTokenDeviceTypeId()));

        issueCmd.setRequest(request);
        issueCmd.execute();
    }

Now my gut feeling is that dto.getSoftTokenProfileId() does not return the proper profile.

Do you see anything that's wrong here?

Best

Daniel
