
Performing SecurID 'Next Tokencode' process via RADIUS?

Question asked by Terence Withers on Feb 26, 2018
Latest reply on Mar 1, 2018 by Erica Chalfin



I am implementing a solution that authenticates against Authentication Manager 8.1 using SecurID hardware tokens and the RADIUS protocol.


I need to make my solution handle the 'next tokencode' mode, where the AM requires the user to enter the next token code displayed on their SecurID token. I need to understand how this is done via the RSA RADIUS interface.


I'm expecting the process to be similar to that for the PIN change process (see:, and Article number 000027040 suggests that 'next tokencode' mode is cleared using a 'slight variation' on the pin reset process, but stops short of describing what those slight variations actually are.


Does anyone know what the process is for clearing 'next tokencode' mode using the RADIUS interface? Specifically:

- What the states of the process are?
- What the values for the State attribute will be for the different states?
- How one can differentiate between a PIN change and a next token code situation (different value for State attribute? Or perhaps I need to parse the Reply-Message attribute?)


The behaviour of the RSA RADIUS protocol for Token tasks such as PIN change or Next Token code doesn't seem to be documented anywhere in the SecurID documentation. If anyone knows different, please let me know!


Many thanks.
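For the generic RADIUS side of this question, an added example (not part of the original post and not RSA code) that parses an Access-Challenge and pulls out the two attributes mentioned above, following RFC 2865: Reply-Message is display text, and State is opaque and must be returned unmodified in the follow-up Access-Request. The sample packet, its prompt text and its State bytes are constructed for illustration and are not what Authentication Manager sends.

```python
import struct

ACCESS_CHALLENGE = 11            # RFC 2865 packet code
REPLY_MESSAGE, STATE = 18, 24    # RFC 2865 attribute types

def parse_radius(pkt: bytes):
    """Return (code, identifier, [(type, value), ...]); raise ValueError if malformed."""
    if len(pkt) < 20:
        raise ValueError("shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("bad length field")
    attrs, pos = [], 20          # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[pos], pkt[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, pkt[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs

def challenge_fields(pkt: bytes):
    """For an Access-Challenge return (prompt_text, state_attr_to_echo), else None."""
    code, _, attrs = parse_radius(pkt)
    if code != ACCESS_CHALLENGE:
        return None
    prompt = "".join(v.decode("utf-8", "replace")
                     for t, v in attrs if t == REPLY_MESSAGE)
    states = [v for t, v in attrs if t == STATE]
    # State is opaque to the client: copy the bytes unchanged into the
    # Access-Request that carries the user's response to the challenge.
    echo = bytes([STATE, len(states[0]) + 2]) + states[0] if states else b""
    return prompt, echo

def attr(a_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including 2 header bytes), value."""
    return bytes([a_type, len(value) + 2]) + value

def sample_challenge() -> bytes:
    """Constructed Access-Challenge; prompt text and State value are made up."""
    body = (attr(REPLY_MESSAGE, b"CONSTRUCTED PROMPT: next tokencode")
            + attr(STATE, b"\x00\x9fopaque"))
    return struct.pack("!BBH", ACCESS_CHALLENGE, 7, 20 + len(body)) + bytes(16) + body
```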