Symantec Access Management

  • Private Community
 View Only

  • 1.  CA Mobile OTP Application Account expire

    Posted Oct 12, 2017 08:41 AM

    A customer use CA Mobile OTP smartphone Application to generate OTP for strong authentication
    The CA Mobile OTP credential has been configured to never expires ( and this has been configured in the CA Mobile OTP (ArcotOTP-OATH) Issuance profile with Validity End Date= Never Expires )
    What we have discovered instead , is that when a new account is provisioned to the CA mobile app, also the account has an expiration date itself (and it is different from the credentials). The account expiration date is available in the CA Mobile OTP App in the Settings menu as shown below.

    It seems an expiration date  related to the provisioned account on the app and not related to the credential itself.

     

     

    CA Mobile OTP App - Settings menu

    What happen if the account expire? a new enrollment is required?

    Is there a way to change expiration date for an account already provisioned?

     

    Best Regards

    Claudio



  • 2.  Re: CA Mobile OTP Application Account expire

    Posted Oct 12, 2017 09:06 AM

    Ideally it should be in sync with Issuance profile unless you have updated the settings at server side without re-provisioning the account at client side as client will never know it.

     

    I think only option to have correct date is re-provisioning the account.

     

    Thanks,
    Sharan



  • 3.  Re: CA Mobile OTP Application Account expire

    Posted Oct 12, 2017 09:24 AM

    Hi  Sharan,

    we have already tried to recreate the account on the smartphone but we have the same behaviour.

    Moreover if the account is provisioned on the CA Mobile OTP desktop version, in that case the duration of the account is 10 year.

    So again, i think that the account duration is not related to "CA Mobile OTP credential" validity , but is coming from another settings.

    Did you have a chance to test in your environment and verify if in your case account duration is the same of credential validity?

    Best Regards

    Claudio



  • 4.  Re: CA Mobile OTP Application Account expire
    Best Answer

    Posted Oct 12, 2017 09:51 AM

    Hi Claudio,

     

    I see you are using 8.1 version of the product and we have made a fix in 8.1.3 version which will fix this issue for you. Below is some information about that. But I will suggest you to upgrade to latest software as well which provides lots of platform support flexibility and new features along with bug fixes.

    CA Mobile OTP validity end date not overridden by adapter - CA Mobile OTP XML response doesn't present <expiry> tag, due to which CA Mobile OTP does not set expiry date correctly during Mobile OTP account activation.

    https://docops.ca.com/ca-advanced-authentication/8-1-3/EN/release-notes/ca-advanced-authentication-8-1-3-update-release-notes#CAAdvancedAuthentication8.1.3UpdateReleaseNotes-FixedIssues

     

    Thanks,
    Sharan



  • 5.  Re: CA Mobile OTP Application Account expire

    Broadcom Employee
    Posted Oct 13, 2017 04:06 PM

    Hi Claudio,

     

    If you are using 8.1 version then this is a bug. In 8.1.3 version, the expiry tag is passed properly, these dates are controlled by the profile we create for any credentials.

    Because of AFM bug the expiry tag is not sent properly and you have to upgrade the adapter and then do the reprovisioning.

    It was fixed in 2.2.9 adapter but forward ported in 8.1.3 adapter and not 8.1

     

    Thanks

    Awijit