How to generate a platform reset Token

Platform reset tokens provide a secure method to reset platform credentials on JACE controllers when passwords are forgotten or accounts are locked. This guide covers generating and using platform reset tokens.

Overview

Platform reset tokens:

• Secure Recovery: Provide secure method to reset platform access
• Credential Recovery: Recover access when credentials are forgotten
• Account Unlock: Unlock locked or disabled accounts
• Emergency Access: Provide emergency access method
• Time-Limited: Typically time-limited for security

Prerequisites

Before generating a reset token, ensure you have:

• Physical Access: Physical access to JACE unit
• Serial Access: Serial shell access to JACE (recommended)
• Workbench Access: Alternative: Workbench access if available
• Administrative Rights: Appropriate permissions to generate tokens
• Documentation: JACE model and firmware version information

Understanding Reset Tokens

How Reset Tokens Work

1. Token Generation: Generate unique reset token
2. Token Storage: Token stored securely on JACE
3. Token Usage: Use token to reset platform credentials
4. Token Expiry: Token expires after set time period
5. Security: Token provides secure recovery mechanism

Token Characteristics

• Unique: Each token is unique
• Time-Limited: Expires after set period (typically 24-48 hours)
• One-Time Use: May be single-use or limited-use
• Secure: Cryptographically secure generation

Step-by-Step Token Generation

Method 1: Using Serial Shell (Recommended)

Step 1: Access Serial Shell

1. Connect Serial Cable: Connect serial cable to JACE
2. Open Terminal: Open terminal emulator (PuTTY, Tera Term, etc.)
3. Configure Serial: Set serial port settings (9600 baud typically)
4. Connect: Connect to JACE serial port
5. Login: Login to serial shell (see How to gain access to the Serial Shell on a JACE)

Step 2: Navigate to Platform Commands

1. Access Shell: Ensure you have shell access
2. Platform Commands: Navigate to platform command interface
3. Help: Type help or ? to see available commands

Step 3: Generate Reset Token

Command Format (varies by JACE model/firmware):

platform reset-token generate

Or:

platform generate-reset-token

Or:

reset-token generate

Alternative Commands:

# Some models use:
niagara platform reset-token
# or
tridium platform reset-token

Step 4: Record Token

1. Token Display: Token will be displayed on screen
2. Copy Token: Carefully copy the entire token
3. Record Securely: Store token securely
4. Note Expiry: Note token expiration time
5. Verify: Verify token was copied correctly

Method 2: Using Workbench

Step 1: Connect to JACE

1. Open Workbench: Launch Niagara Workbench
2. Connect: Connect to JACE (if network access available)
3. Authenticate: Authenticate with available credentials

Step 2: Access Platform Services

1. Platform Services: Navigate to Platform Services
2. Security: Access Security or Platform Security section
3. Reset Tokens: Locate Reset Token or Recovery Token section

Step 3: Generate Token

1. Generate Option: Click "Generate Reset Token" or similar
2. Confirm: Confirm token generation
3. Token Display: Token will be displayed
4. Copy Token: Copy token securely
5. Save: Save token information securely

Method 3: Using Web Interface

Step 1: Access Web Interface

1. Open Browser: Open web browser
2. Navigate: Navigate to JACE IP address
3. Login: Login with available credentials

Step 2: Access Security Settings

1. Settings: Navigate to Settings or Administration
2. Security: Access Security section
3. Platform Security: Locate Platform Security or Reset Token section

Step 3: Generate Token

1. Generate: Click generate reset token option
2. Confirm: Confirm generation request
3. Token: Copy displayed token
4. Secure Storage: Store token securely

Using Reset Tokens

Step 1: Access Reset Interface

Via Serial Shell:

1. Connect Serial: Connect to serial shell
2. Reset Command: Use reset command with token
3. Enter Token: Enter reset token when prompted

Via Web Interface:

1. Access Reset Page: Navigate to platform reset page
2. Enter Token: Enter reset token
3. Submit: Submit token for verification

Step 2: Reset Credentials

1. Token Verification: System verifies token
2. Reset Prompt: Prompted to reset platform credentials
3. New Credentials: Enter new username and password
4. Confirm: Confirm new credentials
5. Completion: Reset process completes

Step 3: Verify Reset

1. Login Test: Test login with new credentials
2. Access Verification: Verify platform access works
3. Token Invalidation: Token is invalidated after use
4. Documentation: Document new credentials securely

Token Format Examples

Typical Token Formats

Tokens may appear in various formats:

• Hexadecimal: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
• Base64: YWJjZGVmZ2hpams=
• UUID Format: 12345678-1234-1234-1234-123456789abc
• Alphanumeric: ABC123XYZ789

Token Characteristics

• Length: Typically 32-64 characters
• Case Sensitivity: May be case-sensitive
• Special Characters: May include special characters
• Format: Format varies by JACE model and firmware

Troubleshooting

Token Generation Fails

If token generation fails:

1. Permissions: Verify you have necessary permissions
2. Access Method: Try different access method (serial vs network)
3. JACE Status: Verify JACE is running properly
4. Firmware Version: Check firmware version supports token generation
5. Documentation: Consult model-specific documentation

Token Not Accepted

If token is not accepted:

1. Token Accuracy: Verify token was copied correctly
2. Token Expiry: Check if token has expired
3. Token Format: Verify token format is correct
4. Case Sensitivity: Check case sensitivity
5. Token Usage: Verify token hasn't been used already

Token Expired

If token has expired:

1. Generate New: Generate new reset token
2. Use Promptly: Use tokens promptly after generation
3. Note Expiry: Note expiration time when generating
4. Time Zone: Consider time zone differences
5. Documentation: Check token expiration period

Cannot Access Reset Interface

If unable to access reset interface:

1. Access Method: Try alternative access method
2. Serial Access: Use serial shell if network unavailable
3. Network Issues: Troubleshoot network connectivity
4. Service Status: Verify platform services are running
5. Alternative Methods: Consider alternative recovery methods

Security Considerations

Token Security

• Secure Storage: Store tokens securely
• Time-Limited: Use tokens promptly before expiration
• Single Use: Tokens may be single-use only
• Access Control: Limit who can generate tokens
• Audit Logging: Enable audit logging for token generation

Best Practices

• Generate When Needed: Generate tokens only when needed
• Secure Transmission: Transmit tokens securely
• Immediate Use: Use tokens immediately after generation
• Documentation: Document token generation procedures
• Access Control: Control access to token generation capabilities

Model-Specific Notes

JACE-8000 Series

• Token Generation: Available via serial shell
• Token Format: Varies by firmware version
• Expiration: Typically 24-48 hours

JACE-9000 Series

• Token Generation: Available via serial and web interface
• Enhanced Security: May have enhanced token security
• Multiple Methods: Multiple token generation methods available

Older JACE Models

• Limited Support: Older models may have limited token support
• Alternative Methods: May require alternative recovery methods
• Firmware Updates: Consider firmware updates for token support

Related Topics

• How to gain access to the Serial Shell on a JACE
• What are the default credentials of a JACE
• How to restore connectivity on older JACE8000s after performing a Factory Reset

Additional Resources

• JACE Platform Security Guide
• Reset Token Documentation
• JACE Recovery Procedures
• Platform Authentication Best Practices