000039494 - Logging on to security console is very slow after updating to AM 8.5

Document created by RSA Customer Support Employee on Dec 18, 2020
Version 1

Article Content

Article Number: 000039494
Applies To
   RSA Product Set: SecurID
   RSA Product/Service Type: Authentication Manager
   RSA Version/Condition: 8.5
Issue
  • Logging on to the Security Console is slow after updating to 8.5.
  • Logging on to the Security Console (with either password or passcode) takes 1 minute or longer.
Cause
  • RSA Authentication Manager tries to resolve the names of the following CAS URLs whenever the Security Console is accessed, regardless of whether CAS is in use.


provisioning.access.securid.com
provisioning.access.securid.com.techmatrix.co.jp
provisioning.access-eu.securid.com
provisioning.access-eu.securid.com.techmatrix.co.jp
provisioning.access-anz.securid.com
provisioning.access-anz.securid.com.techmatrix.co.jp


  • The issue is related to an upcoming feature for on-demand cloud tenant provisioning: NGX-23460. This feature will be turned on in the Cloud early next year, and the following DNS entries will go live at that point.


provisioning.access.securid.com
provisioning.access-eu.securid.com
provisioning.access-anz.securid.com
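
To check from the server's shell whether these lookups are slow or failing, each one can be timed. The script below is an added example, not RSA code; it assumes getent is available on the server, and RESOLVER_CMD, SLOW_SECS, RUN_CHECK and the file name are names introduced for this example.

```shell
#!/bin/sh
# Added example (not RSA code): time name resolution for the provisioning
# hosts named in the Cause section of this article.

# Base hostnames from the article (the variants with an appended domain
# are omitted).
PROVISIONING_HOSTS="provisioning.access.securid.com
provisioning.access-eu.securid.com
provisioning.access-anz.securid.com"

# Assumption: getent is present on the server. Override RESOLVER_CMD to use
# another lookup tool.
RESOLVER_CMD="${RESOLVER_CMD:-getent hosts}"
# Assumption: a lookup taking this many seconds or more is reported as slow.
SLOW_SECS="${SLOW_SECS:-2}"

# time_lookup HOST
# Prints "HOST resolved|unresolved <N>s ok|slow".
time_lookup() {
    host=$1
    start=$(date +%s)
    if $RESOLVER_CMD "$host" >/dev/null 2>&1; then
        state=resolved
    else
        state=unresolved
    fi
    secs=$(( $(date +%s) - start ))
    if [ "$secs" -ge "$SLOW_SECS" ]; then speed=slow; else speed=ok; fi
    printf '%s %s %ss %s\n' "$host" "$state" "$secs" "$speed"
}

# check_all: report every host; return 1 if any lookup was slow, else 0.
check_all() {
    any_slow=0
    for h in $PROVISIONING_HOSTS; do
        line=$(time_lookup "$h")
        printf '%s\n' "$line"
        case $line in *" slow") any_slow=1 ;; esac
    done
    return "$any_slow"
}

# Run only on request:  RUN_CHECK=1 sh check_provisioning_dns.sh
# (the file name is a placeholder).
if [ "${RUN_CHECK:-0}" = 1 ]; then check_all; fi
```
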


 
Workaround
Note: This is not a fix; engineering has provided the following workaround until the product defect is fixed.
 
  1. Launch an SSH client, such as PuTTY.
  2. Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.
        Note that a different username may have been selected during Quick Setup. If so, use that username to log in.

  3. Change the directory to /utils. 


login as: rsaadmin
Using keyboard-interactive authentication.
Password:
Last login: Fri Dec  4 13:37:02 2020 from 192.168.20.102
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@bharatham85:~> cd /opt/rsa/am/utils


  4. Update auth_manager.dynamic.tenant.provisioning.service.enabled from true to false using the command below. Enter the Operations Console administrator password when prompted.


./rsautil store -o <OC_admin> -a update_config auth_manager.dynamic.tenant.provisioning.service.enabled false GLOBAL 500

Example session:


rsaadmin@bharatham85:/opt/rsa/am/utils> ./rsautil store -o ocadmin -a update_config auth_manager.dynamic.tenant.provisioning.service.enabled false GLOBAL 500
Please enter OC Administrator password: *********
psql.bin:/tmp/b67c9afa-49d4-41bd-b22d-1898680570a7268818817458797075.sql:167: NOTICE:   Changed the value of configuration parameter 'auth_manager.dynamic.tenant.provisioning.service.enabled' from 'true' to 'false' for the instance 'GLOBAL'.
update_config
---------------
(1 row)
rsaadmin@bharatham85:/opt/rsa/am/utils>




 
Notes
  • Restart Authentication Manager services.
  • Restarting Authentication Manager services is not mandatory; without a restart, it may take up to 10-15 minutes for the changes to take effect.
  • The above update should be performed on the primary server only.
  • In the future, if the customer wishes to use the on-demand cloud tenant provisioning feature, they must first set the flag back to true so that the option is available.

    rsaadmin@bharatham85:/opt/rsa/am/utils> ./rsautil store -o ocadmin -a update_config auth_manager.dynamic.tenant.provisioning.service.enabled true GLOBAL 500
    Please enter OC Administrator password: *********
    psql.bin:/tmp/b67c9afa-49d4-41bd-b22d-1898680570a7268818817458797075.sql:167: NOTICE:   Changed the value of configuration parameter 'auth_manager.dynamic.tenant.provisioning.service.enabled' from 'false' to 'true' for the instance 'GLOBAL'.
    update_config
    ---------------
    (1 row)
    rsaadmin@bharatham85:/opt/rsa/am/utils>


     
