000038445 - Access denied error while running the RSA Authentication Manager 8.x Administration SDK

Document created by RSA Customer Support Employee on May 13, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038445
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager SDK
RSA Version/Condition: 8.x
IssueThe following error displays after performing all steps in article 000034753 - Configure RSA Authentication Manager 8.x software developer kit (SDK):

ERROR: com.rsa.authn.AuthenticationCommandException: Access Denied
    at com.rsa.authn.AuthenticatedTargetImpl.login(AuthenticatedTargetImpl.java:172)
    at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:758)
    at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:740)
    at com.rsa.samples.admin.AdminAPIDemos.main(AdminAPIDemos.java:1373)

CauseThe error occurs for the following reasons:
  • The Security Console administrator is not a member of the internal database, but rather, belongs to an external identity source.
  • The user entered invalid Security Console login credentials, such as an invalid username or password.

Create a super admin in the internal database

  1. Log in to the Security Console with a super admin user.
  2. Go to Identity > Users > Add New.
  3. Create a user by filling out all required fields and other details, if needed.
  4. Click Save.
  5. Go to Administration > Administrative Roles > Manage Existing.
  6. Scroll to SuperAdminRole and from the context arrow, select Assign More.
  7. Search for the new user created in step 3.
  8. Place a check in the box next to the user ID and click Assign to Role.

Submit the correct credentials into the SDK

If you are using the SDK sample code as discussed in  000034753 - Configure RSA Authentication Manager 8.x software developer kit (SDK), then the Program Arguments consists of three inputs, which are separated by spaces. The first input is the action (for example, create, assign, list-users, etc.). The second is the name of the new super admin created above. The third input is that user's password. For example,

[Program Arguments]
list-users superadmin P@55w0rd

NotesOther than the sample code, the super admin username and password may be put into a different method depending on the code.