Just updated to RSA Authentication Manager 8.4 P 01 and now we see garbled text after setting a PIN on a token.
We thought it was a Citrix issue but wouldn't that text actually come from RSA..?
Just updated to RSA Authentication Manager 8.4 P 01 and now we see garbled text after setting a PIN on a token.
We thought it was a Citrix issue but wouldn't that text actually come from RSA..?
I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA SecurID Access and click Ask A Question. That way your question will appear in the correct space.
Regards,
Erica
It looks like the securid.ini file, which contains the prompts, may be incorrect. The file is not replicated, so you'll need to check all the instances manually, I'm afraid. Log into the Operations Console, under Deployment Configuration > RADIUS Servers, select each instance (one at a time of course) and EDIT.. Look in the edit box for "PIN Accepted ..." and correct if necessary. It could be in multiple prompts, so don't stop at the first one. If you find a garbled one, MAKE A BACKUP before attempting any changes. After you change it you'll need to restart the RADIUS server -- there's a button to restart it below the edit box.
Hello,
This is a known issue, currently being looked at by engineering. Double or unexpected characters in radius state responses.
Internal defect numbers AM-33200 and AM-33070.
We'll have a fix for this in the future.
----------------------
You can do a workaround in the meantime:
2 steps
1) Edit the securid.ini file
and see if you have two RSA Prompts sections, you can remove one entire section if it is duplicated.
example: If you have a duplicate, one chunk here can be deleted, file saved, and restart radius,
NOTE: editing the file using the Operations Console is easier as you can save and restart radius with a button press
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;RSA Prompts
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[Prompts]
ExtInputMayChoose = \r\nA new PIN is required.\r\nDo you want system to generate your new PIN? (y/n):
ExtInputReadyForPin = \r\nARE YOU PREPARED TO HAVE THE SYSTEM GENERATE YOUR PIN? (y/n):
ExtInputReadyForPin_1_S = \r\nAre you satisfied with system generated PIN %s ? (y/n):
ExtInputMustChoose_D = \r\nEnter a new PIN having %d digits:
ExtInputMustChoose_C = \r\nEnter a new PIN having %d alphanumeric characters:
ExtInputMustChoose_D_D = \r\nEnter a new PIN having from %d to %d digits:
ExtInputMustChoose_C_C = \r\nEnter a new PIN having from %d to %d alphanumeric characters:
ExtOutputChange = \r\nPIN Accepted.\r\nWait for the token code to change,\r\nthen enter the new passcode:
ExtInputYesOrNo = \r\nPlease enter \'y\' or \'n\':
ExtInputNextCode = \r\nWait for token to change,\r\nthen enter the new tokencode:
ExtOutputReject = \r\nPIN rejected. Please try again.\r\n
ExtPromptNotUsed = \r\nInvalid PIN was specified\r\n
ExtOutputDeniedFinal = \r\nAccess Denied\r\n
ExtPromptNotUsed = \r\nSystem Generated PINs Are Disabled. Access Denied.\r\n
ExtOutputAccepted = \r\nPASSCODE Accepted\r\n
ExtInputEnterPasscode = \r\nPlease Enter PASSCODE
ExtInputReenterPin = \r\nPlease re-enter new PIN:
ExtInputReenterPin_1 = \r\nPINs do not match. Please try again.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;RSA Prompts
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[Prompts]
ExtInputMayChoose = \r\nA new PIN is required.\r\nDo you want system to generate your new PIN? (y/n):
ExtInputReadyForPin = \r\nARE YOU PREPARED TO HAVE THE SYSTEM GENERATE YOUR PIN? (y/n):
ExtInputReadyForPin_1_S = \r\nAre you satisfied with system generated PIN %s ? (y/n):
ExtInputMustChoose_D = \r\nEnter a new PIN having %d digits:
ExtInputMustChoose_C = \r\nEnter a new PIN having %d alphanumeric characters:
ExtInputMustChoose_D_D = \r\nEnter a new PIN having from %d to %d digits:
ExtInputMustChoose_C_C = \r\nEnter a new PIN having from %d to %d alphanumeric characters:
ExtOutputChange = \r\nPIN Accepted.\r\nWait for the token code to change,\r\nthen enter the new passcode:
ExtInputYesOrNo = \r\nPlease enter \'y\' or \'n\':
ExtInputNextCode = \r\nWait for token to change,\r\nthen enter the new tokencode:
ExtOutputReject = \r\nPIN rejected. Please try again.\r\n
ExtPromptNotUsed = \r\nInvalid PIN was specified\r\n
ExtOutputDeniedFinal = \r\nAccess Denied\r\n
ExtPromptNotUsed = \r\nSystem Generated PINs Are Disabled. Access Denied.\r\n
ExtOutputAccepted = \r\nPASSCODE Accepted\r\n
ExtInputEnterPasscode = \r\nPlease Enter PASSCODE
ExtInputReenterPin = \r\nPlease re-enter new PIN:
ExtInputReenterPin_1 = \r\nPINs do not match. Please try again.
2) In the same file,
these \r\n characters on lines where you see boggled text in your radius replies, can be removed, file saved, restart radius.
Example: I was getting odd duplicate characters on the line 'PIN accepted. Wait for the tokencode to change...' in my radius responses....
I edited that line and removed the \r\n
original version
ExtOutputChange = \r\nPIN Accepted.\r\nWait for the token code to change,\r\nthen enter the new passcode
fixed version
ExtOutputChange = PIN Accepted. Wait for the token code to change, then enter the new passcode
restarted radius, works fine now.
---------
As always make a backup of the securid.ini file before making changes.
Great, I've made those changes to the securid.ini file and it's resolved the issue.
Thanks
Chris
Have these defects been fixed in either 8.4 P02 or 03?
Has this issue been adressed in some update? Is there a fixed version?
I just checked the bug IDs, AM-33200 is a duplicate of AM-33070, which should have been fixed in AM 8.4 P6.
So you need patch 6 or later.
Hello,
This is a known issue, currently being looked at by engineering. Double or unexpected characters in radius state responses.
Internal defect numbers AM-33200 and AM-33070.
We'll have a fix for this in the future.
----------------------
You can do a workaround in the meantime:
2 steps
1) Edit the securid.ini file
and see if you have two RSA Prompts sections, you can remove one entire section if it is duplicated.
example: If you have a duplicate, one chunk here can be deleted, file saved, and restart radius,
NOTE: editing the file using the Operations Console is easier as you can save and restart radius with a button press
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;RSA Prompts
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[Prompts]
ExtInputMayChoose = \r\nA new PIN is required.\r\nDo you want system to generate your new PIN? (y/n):
ExtInputReadyForPin = \r\nARE YOU PREPARED TO HAVE THE SYSTEM GENERATE YOUR PIN? (y/n):
ExtInputReadyForPin_1_S = \r\nAre you satisfied with system generated PIN %s ? (y/n):
ExtInputMustChoose_D = \r\nEnter a new PIN having %d digits:
ExtInputMustChoose_C = \r\nEnter a new PIN having %d alphanumeric characters:
ExtInputMustChoose_D_D = \r\nEnter a new PIN having from %d to %d digits:
ExtInputMustChoose_C_C = \r\nEnter a new PIN having from %d to %d alphanumeric characters:
ExtOutputChange = \r\nPIN Accepted.\r\nWait for the token code to change,\r\nthen enter the new passcode:
ExtInputYesOrNo = \r\nPlease enter \'y\' or \'n\':
ExtInputNextCode = \r\nWait for token to change,\r\nthen enter the new tokencode:
ExtOutputReject = \r\nPIN rejected. Please try again.\r\n
ExtPromptNotUsed = \r\nInvalid PIN was specified\r\n
ExtOutputDeniedFinal = \r\nAccess Denied\r\n
ExtPromptNotUsed = \r\nSystem Generated PINs Are Disabled. Access Denied.\r\n
ExtOutputAccepted = \r\nPASSCODE Accepted\r\n
ExtInputEnterPasscode = \r\nPlease Enter PASSCODE
ExtInputReenterPin = \r\nPlease re-enter new PIN:
ExtInputReenterPin_1 = \r\nPINs do not match. Please try again.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;RSA Prompts
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[Prompts]
ExtInputMayChoose = \r\nA new PIN is required.\r\nDo you want system to generate your new PIN? (y/n):
ExtInputReadyForPin = \r\nARE YOU PREPARED TO HAVE THE SYSTEM GENERATE YOUR PIN? (y/n):
ExtInputReadyForPin_1_S = \r\nAre you satisfied with system generated PIN %s ? (y/n):
ExtInputMustChoose_D = \r\nEnter a new PIN having %d digits:
ExtInputMustChoose_C = \r\nEnter a new PIN having %d alphanumeric characters:
ExtInputMustChoose_D_D = \r\nEnter a new PIN having from %d to %d digits:
ExtInputMustChoose_C_C = \r\nEnter a new PIN having from %d to %d alphanumeric characters:
ExtOutputChange = \r\nPIN Accepted.\r\nWait for the token code to change,\r\nthen enter the new passcode:
ExtInputYesOrNo = \r\nPlease enter \'y\' or \'n\':
ExtInputNextCode = \r\nWait for token to change,\r\nthen enter the new tokencode:
ExtOutputReject = \r\nPIN rejected. Please try again.\r\n
ExtPromptNotUsed = \r\nInvalid PIN was specified\r\n
ExtOutputDeniedFinal = \r\nAccess Denied\r\n
ExtPromptNotUsed = \r\nSystem Generated PINs Are Disabled. Access Denied.\r\n
ExtOutputAccepted = \r\nPASSCODE Accepted\r\n
ExtInputEnterPasscode = \r\nPlease Enter PASSCODE
ExtInputReenterPin = \r\nPlease re-enter new PIN:
ExtInputReenterPin_1 = \r\nPINs do not match. Please try again.
2) In the same file,
these \r\n characters on lines where you see boggled text in your radius replies, can be removed, file saved, restart radius.
Example: I was getting odd duplicate characters on the line 'PIN accepted. Wait for the tokencode to change...' in my radius responses....
I edited that line and removed the \r\n
original version
ExtOutputChange = \r\nPIN Accepted.\r\nWait for the token code to change,\r\nthen enter the new passcode
fixed version
ExtOutputChange = PIN Accepted. Wait for the token code to change, then enter the new passcode
restarted radius, works fine now.
---------
As always make a backup of the securid.ini file before making changes.