Generate ad hoc reports for tokens attributes with software token profile names in RSA Authentication Manager 8.x
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.5 or later
Platform: SUSE Linux Enterprise
O/S Version: SUSE Linux 12 SP4 or later
Product Description: RSA SecurID Appliance
Issue
Then they require to run a report with token serial numbers with its software token profile distributed to find how many users are pending.
The software token profile category is not available in the default RSA Authentication Manager report templates. The only way to check on this detail from the Security Console is by opening the token dashboard from the Security Console (Authentication > SecurID Tokens > Manage Existing).
Resolution
1. Launch an SSH client, such as PuTTy.
2. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
During Quick Setup, another username may have been selected. Use that username to log in.
3. Enter the following command to get the database password:
rsaadmin@am87p:> cd /opt/rsa/am/utils/ rsaadmin@am87p:> ./rsautil manage-secrets -a get com.rsa.db.dba.password Please enter OC Administrator username: <enter Operations Console administrator name> Please enter OC Administrator password: <enter Operations Console administrator password> com.rsa.db.dba.password: AbcdEfgh1jklmn0pqr5tuvwxyZNote: The database password will be different for each installation of RSA Authentication Manager.
4. Use the following queries to generate a report with the token attributes and software token profiles:
rsaadmin@am87p:> cd /opt/rsa/am/pgsql/bin/ rsaadmin@am87p:> ./psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( SELECT ipd.loginuid, iis.name identity_source,amt.serial_number token_serial_number,amt.token_shutdown_date token_expiry_date_utc,amt.token_code_length,amt.token_code_interval,tp.name profile_name FROM rsa_rep.ims_principal_data ipd INNER JOIN rsa_rep.ims_identity_source iis ON iis.id = ipd.identity_src_id LEFT JOIN rsa_rep.am_token amt ON amt.principal_id = ipd.id LEFT JOIN rsa_rep.am_sw_token_profiles tp ON amt.sw_token_profile_id = tp.id where amt.terminate_date is not null AND amt.token_shutdown_date <= '2027-02-28 00:00:00.000') TO STDOUT WITH CSV HEADER" > /tmp/SWprofileTokens_report.csv Password for user rsa_dba: <enter the com.rsa.db.dba.password string from above>This query generates a report of tokens with software token profile names that shut down before a specific expiration date.
In the example below, the date is 28 February 2027 and can be changed to any date.
loginuid identity_source token_serial_number token_expiry_date_utc token_code_length token_code_interval profile_name testadmin Internal Database 000008888979 2026-07-06 00:00:00 8 60 androidCTF rsatest Internal Database 000008888980 2026-07-06 00:00:00 8 30 Test30SecondsCTF
The report output SWprofileTokens_report.csv is saved in /tmp. You can copy the report using the WinSCP application to your local PC and view them using any text editor or spreadsheet applications.
Related Articles
Authentication Manager Log Messages (16101-16160) Number of Views Manage Identity Providers Number of Views Managing Authenticators for Self-Service Users Number of Views Refresh the Node Secret Number of Views Replace a Token for a User in the User Dashboard Number of Views
Trending Articles
Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU How to create and configure certificates for HTTPS access when using intermediate CA certs in RSA Identity Governance & Li… RSA MFA Agent 2.4.3 for Microsoft Windows Release Notes RSA Authentication Manager 8.9 Patches and Hotfixes Readme This certificate or its signing CA is not valid error when importing a certificate chain in RSA Authentication Manager 8.x…
Don't see what you're looking for?
