I'm currently evaluating RSA Authentication Manager 8.2 SP1.
I have On-demand authentication configured using an SMS service and I'm authenticating using Cisco AnyConnect 4.4 and it works pretty much the way I want it.
The only glitch I'm experiencing is when a user has a new or cleared/temporary PIN.
AnyConnect prompts for a new PIN (twice) and the PIN change is successful and the PIN is accepted. It then says "Wait for token to change, then enter the new tokencode".
For some reason, no token code is being sent out via SMS at this point.
This happens only in the logon session where the user is forced to change the PIN. If the user cancels the logon after changing the PIN and then makes a new logon using the newly created PIN everything works as expected.
This would be quite confusing for the end user. Can it be fixed in any way?