Hi,
Actually, I managed to do basic tasks with powershell though New-WebServiceProxy. I can assign/unassign tokens to (Active Directory) users making some verifications like making sure nobody gets 2 tokens.
I would like now to permit one of my user to use a temporary Fixed Token code for let's say 2 weeks. I need to allow authentication with the token at any time and then disable online emergency tokencode.
First, I don't know the good workflow for this, I mean, do my code choose the code or will the response contain it ? Do I have to create an empty TokenEmergencyAccessDTO, fill it with parameters and then user the update command ? How does the GenerateEmergencyAccessCodeCommand command work ?
I can't find the procedural steps to permit my user to use an emergency token code though the API.
Since I already had a command server and a sessionid, I tried :
1. GenerateEmergencyAccessCodeCommand
$query = New-Object rsaapi.GenerateEmergencyAccessCodeCommand
$query.tokenGuid = $token.id
$CommandServer.executeCommand($loginCommand.sessionId, $query)
I get the following error while I can't specify an identity source : com.rsa.command.exception.DataNotFoundException: IdentitySource-Lookup : IdentitySource Guid is not specified
2. LookupTokenEmergencyAccessCommand
I could not make it work
3. UpdateTokenEmergencyAccessCommand
I could not make it work neither by passing a tokenEmergencyAccesDTO :
algorithm : 0
clearUnusedCodes : False
downloadNewEaTokenCode : False
eaExpiration : 30/09/2018 00:00:00
eaMode : 1
eacExpiresOn :
emergencyAccessTokenCode :
emergencyAccessTokenCodeAllowed : True
id :
lastEaAuth :
lastTFTAuth :
lostMode : 0
numUnusedCodes : 0
offlineAuthAllowed : False
oneTimeTokencodeSet :
serialNumber : 000505193721
temporaryFixedTokencode : 852963
tftExpiration :
tokenLost : False
tokenType : 0
validDownloadedData : False
validOfflineData : False
validOnlineData : False
Well any help in activating Emergency access code with API would be much appreciated !
Hi Thomas - I see that you have opened a support case with RSA. That's probably the route to go as I have too many unanswered questions to efficiently troubleshoot this in the forum.
Thanks,
Ted