A customer use CA Mobile OTP smartphone Application to generate OTP for strong authenticationThe CA Mobile OTP credential has been configured to never expires ( and this has been configured in the CA Mobile OTP (ArcotOTP-OATH) Issuance profile with Validity End Date= Never Expires )What we have discovered instead , is that when a new account is provisioned to the CA mobile app, also the account has an expiration date itself (and it is different from the credentials). The account expiration date is available in the CA Mobile OTP App in the Settings menu as shown below.
It seems an expiration date related to the provisioned account on the app and not related to the credential itself.
What happen if the account expire? a new enrollment is required?
Is there a way to change expiration date for an account already provisioned?
Ideally it should be in sync with Issuance profile unless you have updated the settings at server side without re-provisioning the account at client side as client will never know it.
I think only option to have correct date is re-provisioning the account.
we have already tried to recreate the account on the smartphone but we have the same behaviour.
Moreover if the account is provisioned on the CA Mobile OTP desktop version, in that case the duration of the account is 10 year.
So again, i think that the account duration is not related to "CA Mobile OTP credential" validity , but is coming from another settings.
Did you have a chance to test in your environment and verify if in your case account duration is the same of credential validity?
I see you are using 8.1 version of the product and we have made a fix in 8.1.3 version which will fix this issue for you. Below is some information about that. But I will suggest you to upgrade to latest software as well which provides lots of platform support flexibility and new features along with bug fixes.
CA Mobile OTP validity end date not overridden by adapter - CA Mobile OTP XML response doesn't present <expiry> tag, due to which CA Mobile OTP does not set expiry date correctly during Mobile OTP account activation.
If you are using 8.1 version then this is a bug. In 8.1.3 version, the expiry tag is passed properly, these dates are controlled by the profile we create for any credentials.
Because of AFM bug the expiry tag is not sent properly and you have to upgrade the adapter and then do the reprovisioning.
It was fixed in 2.2.9 adapter but forward ported in 8.1.3 adapter and not 8.1