Article Content
Article Number | 000038054 |
Applies To | RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager Prime RSA Version/Condition: 8.4 Platform: Java Runtime Environment 1.8.x |
Issue | After an upgrade to RSA Authentication Manager 8.4 patch 6 and upgrading the Java version on the Authentication Manager Integration Service (AMIS) server from JRE 1.7.0 to JRE 1.8.0_221, the Self-Service Portal (SSP) failed to generate the QR code for the token request/replacement. The QR code image keeps spinning without generating the QR code. ![]() |
Cause | The CTF conversion utility uses the Java random function which results in a massive delay in minutes. Oracle has noted this performance issue regarding using the random function to generate cryptographically strong random number generator (RNG), and the resolution is below in the resolution section.
2019-10-10T06:29:22,001-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,start :: replaceNextToken 2019-10-10T06:29:22,001-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO , URL : http://localhost:8181/am8/token/replace/{tokenserial}/{newtokenserial}?newPinMode={booleanFlag} 2019-10-10T06:29:22,001-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO , URL Parameters : {tokenserial=000156522108, tokenType=software, booleanFlag=false} 2019-10-10T06:29:22,244-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,service result <?xml version="1.0" encoding="UTF-8" standalone="no"?> <serviceResult result="true"> <TokenSerialNumber>000156522080</TokenSerialNumber> </serviceResult> 2019-10-10T06:29:22,245-0700,com.rsa.pso.selfservice.web.SSPHomeActionBean,?,INFO ,000156522108 got replaced with 000156522080 2019-10-10T06:29:22,252-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,start :: updateToken 2019-10-10T06:29:22,252-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,Header value 22818430 2019-10-10T06:29:22,252-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO , URL : http://localhost:8181/am8/token/update/ 2019-10-10T06:29:22,258-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,Token Entry :<?xml version="1.0" encoding="UTF-8" standalone="no"?> <tokenEntry> <algorithm>time</algorithm> <deviceType>ims.000000000000000000002001f0050028</deviceType> <distribution CTF="false"> <QR background="16777215" foreground="0" size="220"/> <STDID copyProtected="false" distributionType="ctf" passwordProtect="NoPassword" regenerateTokenCode="false"> <CTFExpirationMinutes>15</CTFExpirationMinutes> </STDID> </distribution> <enabled>true</enabled> <interval>60</interval> <pin requirePintAtNextLogin="false"/> <properties clearValues="false"> <property name="DeviceSerialNumber" value=""/> </properties> <tokenCodeLength>8</tokenCodeLength> </tokenEntry>
<tokenEntry> <enabled>true</enabled> <distribution> <QR size="200" /> <CTKIP deviceFamilyName="iPhone" /> </distribution> <deviceType>ims.000000000000000000002001f0050022</deviceType> <algorithm>time</algorithm> <tokenCodeLength>8</tokenCodeLength> <interval>60</interval> <properties clearValues="false"> <property name="DeviceSerialNumber" value="556f1985-33dd-442c-9155-3a0e994f21b1" /> </properties> <pin requirePintAtNextLogin="false" action="nothing" pinType="passcode" /> </tokenEntry> |
Resolution | Below are the steps to resolve the issue by editing the java.security file:
|