We had several hundred software tokens that expired on the same date. We have extended the lifetime of the tokens in question but we would like to know where this lifetime was originally configured in RSA Authentication Manager.
"at the factory" in the token seed record .xml file that was purchased through RSA and downloaded to your site then imported into into the Security Console.
Before AM 8.2, software tokens could not be extended, so you would have been forced to replace, which requires distribution and download to the user device. Extending tokens avoids that.
So at some point, or a several points over the years, a company would have purchased, downloaded (or received a CD by mail), imported into Security Console and distributed the software token to a user who would have imported the .sdtid file or CKTip URL into their device (PC or smart phone app), set their PIN and worked....until that token expiration date approached. In the old days they had to get a replacement token and repeat the distribution and import .sdtid file or CTkip URL (QR code is a picture of a CTKip URL), which is why extend software tokens is very useful
Perfect. That's what I needed to know!
For all tokens: The factory expire date will be seen in the Security Console.
For Software Tokens: the end user device will always show Dec 2035 as expire date. This is to facilitate
extending token lifetimes (by purchasing new tokens and using the Security Console) and the end user
need to do nothing. The token will expire on time and the AM admin will know, end user just sees authentications fail.
If you extend the token with a new expire date it will produce good authentications again.
The Token Seed record .xml files are digitally signed, so you can read them and see expiration dates, but can't edit them
Retrieving data ...