This is an issue related to the use of UTC.
For the first five token responses the DSS has a larger time window, which is why these are working.
For the sixth token response the DSS tries to narrow the time window and the token response being provided is outside of this time window (1 hour).
If you turn on tracing for the DSS and view the DSS log you will most likely see the message "Your token is not synchronized to the current system clock. Enter the next response."
However, while entering the next token response does allow the authentication request to succeed, the next response from the device will still be out of sync, which is not correct.
Enhancement Request 0004407 has been created to address this issue. This has been confirmed to be in the next token release.
Workaround: Use OATH Compliant tokens rather than AES (time based) as this would not suffer from the same issue.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center