000037457 - RSA SecurID Access Identity Router can no longer authenticate to RSA Authentication Manager after upgrade

Document created by RSA Customer Support Employee on May 10, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037457
Applies ToRSA Product Set:  SecurID Access
RSA Product:  Identity Router
IssueAfter upgrading RSA Authentication Manager to one of the following versions, the Identity Router (IDR) begins to fail the Authentication Manager connection test and SecurID token authentications fail:
  • 8.2 SP1 P4,
  • 8.2 SP1 P5, 
  • 8.2 SP1 P6, or
  • 8.3 with no patches
IDR agent logging (/var/log/symplified/rsa_api.log or /var/log/symplified/symplified.log) shows errors like:
[2019-05-01 23:29:25,715] ERROR Thread-931210 - Error in processing Authn request: MessageKey [
2019-05-01 23:29:25,715] ERROR Thread-931210 - Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: MessageKey


The Authentication Manager imsTrace.log shows errors like:

-05-01 14:22:45,994, [[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'], (MessageKeyManager.java:9202019
trace.com.rsa.authmgr.internal.msgkey.am.MessageKeyManager, FATAL, nj-rsa-03.emwp.com,,,,remote lookup exception: com.rsa.authmgr.internal.adjudicator.AdjudicatorFailureException: Unable to find node GUID: b891a412590a5c0a6612f9858aa4d9bd
CauseA software defect was found in RSA Authentication Manager 8.2 SP1 patch 4 which can cause Authentication Manager to be unable to identify the encryption key the IDR agent specifies when initiating communication with the Authentication Manager server.
ResolutionUpgrade all Authentication Manager instances to either:
  • RSA Authentication Manager 8.2 SP1 patch 7 or
  • RSA Authentication Manager 8.3 Patch 1 or higher.