Creating an account password of greater than 100 characters for On-Demand Authentication (ODA) configuration on RSA Authentication Manager 8.x via SMS
2 years ago
Originally Published: 2018-08-21
Article Number
000040870
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
When setting up On-Demand Authentication (ODA) for SMS on RSA Authentication Manager 8.x via the Security Console (Setup > System Settings > Authentication Settings > On-Demand Tokencode Delivery > SMS Configuration) the following error displays:

The indicated field (s) on this page require your attention.
"Account Password" cannot be greater than 100 characters
 
ODA
Cause
Per design, the default On-Demand Tokencode Delivery for SMS on RSA Authentication Manager 8.x allows the SMS Provider Configuration Account Password field to have a maximum of 100 characters. However, some SMS service providers share the Account Password, which exceeds this limit.

 
Resolution

Before continuing with the steps below, please take a backup of your database via the Operations Console (Maintenance > Backup and Restore > Backup Now).

  1. Launch an SSH client, such as PuTTy.
  2. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to login.

  1. Navigate to /opt/rsa/am/server/servers/console/tmp/_WL_user/console-ims/<alphanumeric _named _directory>/war/WEB-INF

The <alphanumeric_named_directory> is sr8qlq on this Authentication Manager server.  This value will be different in each customer deployment.

  1. Make a backup of the validation-am.xml.
  2. Open the validation-am.xml with vi.
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Mon Aug 27 13:33:27 2018 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:/opt/rsa/am> cd /opt/rsa/am/server/servers/console/tmp/_WL_user/console-ims/sr8qlq/war/WEB-INF/
rsaadmin@am82p:/opt/rsa/am/server/servers/console/tmp/_WL_user/console-ims/sr8qlq/war/WEB-INF> cp validation-am.xml validation-am.xml.bk
rsaadmin@am82p:/opt/rsa/am/server/servers/console/tmp/_WL_user/console-ims/sr8qlq/war/WEB-INF> vi validation-am.xml
  1. Search for the httpSmsSvcPassword field in the xml.  Underneath that look for the stanza of <var-name>maxlength</var-name> <var-value>100</var-value>:
<field property="httpSmsSvcPassword" depends="requiredif,maxlength">
                                <arg key="AM.OnDemandCodeConfig.prelabel.Account.3" position="0" />
                                <arg name="maxlength" key="${var:maxlength}" resource="false" position="1"/>
...
<var-name>maxlength</var-name> <var-value>100</var-value>
  1. Change maxlength from 100 to 256 characters, as shown.  Note:  If the Account Password is longer than 256 characters, make changes accordingly to accommodate the new password length.
<var-name>maxlength</var-name> <var-value>256</var-value>
  1. Save and close the file when done.
  2. Restart the RSA Authentication Manager services for the changes to take effect.
rsaadmin@am82p:/opt/rsa/am/server/servers/console/tmp/_WL_user/console-ims/nq9mdg/war/WEB-INF> cd /opt/rsa/am/server/
rsaadmin@am82p:/opt/rsa/am/server> ./rsaserv restart all
Don't see what you're looking for?