000039503 - AMIS AM Prime Unable to create/add user account from HDAP portal

Document created by RSA Customer Support Employee on Dec 25, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039503
Applies ToRSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1, 8.x
Platform (Other): AMIS 1.3
IssueAuthentication Manager, AM Prime aka AMIS unable to create or add a new user in the Help Desk Administration Portal, HDAP, with error thrown from Server Status: 405
HDAP_Status_405
There is some unexpected issue with the server. Status: 504 Please check if the server is accessible.

AMIS logs
===hdap.log===
ERROR com.rsa.pso.lap.springbeans.AMISClientServiceImp - Exception :: AMISClientServiceImp.getIdentitySources() :: /java.lang.NullPointerException
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception while creating user/com.rsa.pso.exception.ServiceException
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception occurred sending status code 500/com.rsa.pso.exception.ServiceException
DEBUG com.rsa.pso.util.LAPUtils - Action /am71/user/createUser is protected by permission user:create
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception occurred sending status code 401/java.lang.Exception


===claimfilter===
ERROR com.emc.rsa.pso.amis.service.claimFilter - unable to validate token 22697441
INFO com.emc.rsa.pso.amis.service.claimFilter - Returning unauthorized.
INFO com.emc.rsa.pso.amis.service.claimFilter - Loading claim set
INFO com.emc.rsa.pso.amis.service.claimFilter - Session token : RSA_AUTHENTICATION_TOKEN was not found in session.


 
CauseThe root cause of the issue is an enhancement that is done to add Driver Statistics in AMIS in May 2020 with Changelist ID 1304761.
Sample Response after AMIS May 2020 ChangeList ID 1304761:

<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<serviceResult result="true">
<driverStatistics maxAllocTime="1857" maxReleastTime="0" maxThreadCount="1" totalAllocTime="1857" totalReleaseTime="0" totalRequests="1" />
</serviceResult>
 
ResolutionNeed to update the am8.war files using the build from 04-Dec-2020

Steps to follow:
  1. Copy am8.war to Prime SSP servers.
  2. Stop AMIS service - WinServices Apache AMIS (IIS keeps SSP in the LB pool).
  3. cd to ~/primekit/tomcat/tomcat-amis/work/
  4. From within dir above "rm -rf Catalina" or "rename Catalina"
  5. cd to ~/primekit/tomcat/tomcat-amis/webapps/
  6. Rename am8.war to .old_repl_tok extension
  7. (rename or) "rm -rf auth/ am8/ workflow/ rsa-endpoints/" from webapps repeat for other directories too: auth, am8, and workflow
  8. Copy the new am8.war to ~/primekit/tomcat/tomcat-amis/webapps/.
  9. Start AMIS (EY should check IIS running too).

Should not need to reset permissions script 3_reset_perms.bat in Windows.
 
WorkaroundWork-around is to add Users to the Security Console.
NotesSee Jira PSSSP-778 - Help Desk Admin Portal @Ernst&Young CreateUser fails after Microsoft Windows Security update.

Attachments

    Outcomes