This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard with token and password changes

Is there anyone out there that uses Safeguard with a USB token for authentication? if so, how do you handle windows AD password changes? we are testing this scenario out and there doesn't seem to be a solution on how to get the token back in sync with the new password...other than manually reissuing it from an admin console.



This thread was automatically locked due to age.
Parents
  • I'm testing this out myself and have found a workaround sort of but led me into another issue. First, you plug the token belonging to the user into a machine running Safeguard Management Center. After you verified which port it is under go to the Users and Computers tab and navigate to that user. Choose the the certificate tab and highlight said cert. After on the toolbar above select GENERATE AND ASSIGN CERTIFICATE BY TOKEN. 

    It'll prompt you for the users PIN. Input that and it should successfully change the cert for an autogenerated one to that of a token generated cert. Verify this cert is on you USB token by choosing Credentials & Certificates tab located under the token tab. Upon doing this myself i found that even if the user changes their password within the SGN credential provider you'll see said user certs and keys being generated. 

    Now this issue I've come across now is the user NEEDS said token to login. If no token is found manual authentication won't work and you'll have to issue a Challenge/Response session to get past this screen.

Reply
  • I'm testing this out myself and have found a workaround sort of but led me into another issue. First, you plug the token belonging to the user into a machine running Safeguard Management Center. After you verified which port it is under go to the Users and Computers tab and navigate to that user. Choose the the certificate tab and highlight said cert. After on the toolbar above select GENERATE AND ASSIGN CERTIFICATE BY TOKEN. 

    It'll prompt you for the users PIN. Input that and it should successfully change the cert for an autogenerated one to that of a token generated cert. Verify this cert is on you USB token by choosing Credentials & Certificates tab located under the token tab. Upon doing this myself i found that even if the user changes their password within the SGN credential provider you'll see said user certs and keys being generated. 

    Now this issue I've come across now is the user NEEDS said token to login. If no token is found manual authentication won't work and you'll have to issue a Challenge/Response session to get past this screen.

Children
No Data