Comments on: Pushing RSA SecurID Tokens to a BlackBerry

By: vineet

vineet — Fri, 08 Jul 2011 07:27:50 +0000

Hi,
what is BES host ? How to check it ?

Thanks

By: Kate

Kate — Tue, 25 Jan 2011 21:51:00 +0000

LOL – Nevermind… They say a fresh mind works better. Took another look and retyped everything from scratch once I'd taken a break and rested. PushToken appears to have worked for me this time. I just had to specify the full path both to the PushToken.jar and to the token itself. Once I did that, it ran like a charm.

Thanks anyway!

By: Kate

Kate — Tue, 25 Jan 2011 03:01:37 +0000

Hey — I've tried all suggestions I've seen, but PushToken isn't working for me. I get an error "Failed to load Main-Class manifest attribute from PushToken.jar" when I run it from the command line using: c:\> java -classpath c:\pushtoken\PushToken.jar PushToken -hxxx.xxx.xxx.xxx -p8080 -edevicePIN tokenname.sdtid

Is there something I'm missing?

By: Dave

Dave — Mon, 10 Jan 2011 21:57:44 +0000

We were able to get this to work. We created a new policy group on the server to support 3.5.1 and were able to install the 3.5.1 software on the phone and finally created a new software token and it imported.

By: Dave

Dave — Mon, 10 Jan 2011 18:35:20 +0000

I have the same problem at the moment and am trying to resolve it.

By: Dan

Dan — Mon, 15 Nov 2010 05:40:18 +0000

I have a torch 9800 with the 3.5.1 RSA software installed but I haven't been able to import the token via email. When I navigate to the token file in the email and select Import SecureID Token I get an error that says "Token not intended for this device. Token import failed. Contact your administrator." I did edit the file so it starts with x-rimdevice, has anyone else run into this issue?

By: Omar Viscafe

Omar Viscafe — Tue, 02 Nov 2010 17:58:57 +0000

I had problems with the RSA software for the new Curve 3G (9300 & 9330), but RSA has released a new fix

OTA: rsa.com/bb351

By: Omar Viscafe

Omar Viscafe — Mon, 01 Nov 2010 19:04:20 +0000

Try the built it token reader:

On older model settings>options>security options>software tokens

from BES:

The RSA SecureID Token will need to be manually applied at the BlackBerry Enterprise Server level by completing the following steps:

Open BlackBerry Manager.
Select the BlackBerry Enterprise Server in question.
Go to the Users tab.
Locate the user and right click.
Select Edit Properties.
Go to WLAN configuration.
Go to Software Tokens.
Select New.
Type the serial number of the software token.
Double click seed.
Click import from file.
Navigate to the software token seed file for the BlackBerry smartphone user, click open, and once the file has been imported – select OK.
If you configured a password in the RSA Authentication Manager to encrypt the .SDTID file seed, enter the password (and then re-enter to confirm).
In the timeout field, enter the length of time that the BlackBerry smartphone caches the personal identification number (PIN):
0: BlackBerry smartphone does not cache the PIN and prompts the BlackBerry smartphone user to authenticate at each login
1 through 9: BlackBerry smartphone retains the PIN in the cache for the specified number of minutes and then deletes it
-1 to -9:– BlackBerry smartphone caches the PIN until the seed is deleted or changed
Note: If you do not configure a timeout, the PIN is always cached.

Click Apply.

By: El Kabong

El Kabong — Fri, 03 Sep 2010 18:13:41 +0000

Got myself a Torch (OS 6.0) a couple of weeks ago, and I tried to push the RSA app 3.5 from my BES to it. It seemed to get pushed down to the device OK, and I imported the token via an email attachment (Option to import was available when I touched & held on to the ".sdtid' file). However, when I tried to launch the SID app afterwards I got
Uncaught Exception: Layout Requested During Layout:
Screen: Passcode Screen Engine
net.rim.device.api.ui.UiEngineImpl$UiEngineOldInterface Adapter@dxxxxxx

Googling found a result that OS 6.0 doesn't quite work with 3.5, and that us Torch users must wait for 3.5.1, due ~mid-Sept.

Anyone else had and experience with their Torch and this app?
Tx,

By: Marc

Marc — Thu, 12 Aug 2010 14:24:11 +0000

RSA soft token 3.5 and the associated utility is now available on the RSA website

By: Sam from freeware blackberry

Sam from freeware blackberry — Tue, 10 Aug 2010 05:37:47 +0000

Yey! this works great for me. I just followed the steps above carefully and there it goes, I made it. Maybe, other Blacberry phones have little problem with the software that needs proper attention. This app works fine with me and the other as well as for you but on the other hand, it doesn't work mostly of the people above, I think something's wrong with their compatibility. That's just my opinion, I am not that sure. Anyway, thank you for this.

By: Kevin

Kevin — Thu, 29 Jul 2010 21:12:32 +0000

Are there any particular permissions required for the PushToken app to work? I (Domain Admin) can successfully push from my PC but another person (PC Support) is not getting any error, but, does not see the token on the BB.

Great tutorials on your site by the way!

Thanks!
Kevin

By: Corey

Corey — Tue, 06 Jul 2010 17:58:38 +0000

@David Chen – no, they're totally different products, sold separately, backed by different token seeds.

By: David Chen

David Chen — Tue, 06 Jul 2010 17:52:00 +0000

Is it possible to convert a RSA FOB hardware token to a software token?
Please kindly advice whether it is possible to generate a web-based SDTID or CTF if a RSA FOB hardware token is provided its 9 digits number in the back, the 6 digits displaied in front at the time of pushing submit button.

Thank you and best regards.
David.

By: Tiffany

Tiffany — Mon, 03 May 2010 17:18:32 +0000

Hi Corey,
This msg is in repsonse to Lewis who is getting the error:

Error:java.io.IOException: Server returned HTTP response code: 403 for URL: http
://bes.xxxx.com:8080/push?DESTINATION=zzzz@xxxx.com&PORT=6446&REQUEST
URI=/
Unable to communicate with MDS.

I was also able to get to the mds using port 8080, on my computer. However, if I tried to access the same webpage on the actual blackberry enterprise server, I got the forbidden error as a result of IE's security. Once I added the site to the trusted sites on the actual server, I no longer received the error.
Thanks,
Tiffany

By: Jim

Jim — Wed, 10 Mar 2010 20:03:28 +0000

Hey man, I have had this working great for about a month now, great post!!

However, today I went to use it for a particular user and now I get this error:

2010-03-10T15:45:27 AST|PushToken(Error )|java.io.IOException: Server returned HTTP response code: 403 for URL: http://(servername):8080/push?DESTINATION=(email addy)&PORT=6446&REQUESTURI=/

Looks like the same issue as Lewis Papaleo.

I can connect fine to my BES on port 8080 and MDS service is running, nothing has changed that I'm aware of…

any ideas?

Thanks

By: Corey

Corey — Wed, 10 Feb 2010 16:05:35 +0000

@Donovan – the classname is case sensitive, it should be PushToken not pushtoken.

C:\Temp\RSA>java -classpath c:\Temp\RSA\Pushtoken.jar PushToken -edonovan.elder@
example.com C:\Temp\RSA\x-xxxxxx-token1.sktid -h11.22.33.44

By: Donovan

Donovan — Tue, 09 Feb 2010 18:16:44 +0000

Receiving the following error when attempting to execute the pushtoken method:
C:\Temp\RSA>java -classpath c:\Temp\RSA\Pushtoken.jar pushtoken -edonovan.elder@
REDACTED C:\Temp\RSA\x-xxxx-token1.sktid -h1.2.3.4
Exception in thread "main" java.lang.NoClassDefFoundError: pushtoken
Caused by: java.lang.ClassNotFoundException: pushtoken
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
Could not find the main class: pushtoken. Program will exit.
Do you have any advice?

By: Lewis Papaleo

Lewis Papaleo — Fri, 09 Oct 2009 16:11:12 +0000

Corey,

Thanks for responding. I can access my BES from port 8080. The interesting thing is I'm only having issues with particular user. The other users I setup had no problems. is it possible there is some setting on the BB device that is not allowing incoming connections from port 8080?

Thank you,

Lewis

By: Corey

Corey — Fri, 09 Oct 2009 03:30:27 +0000

Hi Lewis,

That error seems BES Specific. Can you access your BES on port 8080? Is the MDS service running?