000032899 - "Unable to generate TSF URL" Error occurs in RSA Authentication Manager when unable to distribute CTF Token to user

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032899
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
O/S Version: Suse Linux
 
Issue
  • Unable to generate CTF URL for software token for a user
  • Error in System Activity Monitor:
    Log Level: ERROR 
    Description: Administrator "SYSTEM" attempted to execute command "com.rsa.authmgr.admin.tokenmgt.GenerateSoftTokenTSFCommand"
    Activity Result Key: Failure
    Result: Unexcepted exception caught
    Administrator User ID: SYSTEM
    Administrator First Name: N/A
    Administrator Last Name: N/A
    Administrator Security Domain: N/A
    Administrator Identity Source Name: N/A
    Activity Key: Execute command
    Activity Result Key: Failure
    Instance Name: xxx.xxx.xxx
    Client IP: N/A
    Server Node IP: x.x.x.x
    Component Key: system.com.rsa.command.CommandServerEngine
    Argument 1: com.rsa.authmgr.admin.tokenmgt.GenerateSoftTokenTSFCommand
    Argument 2: N/A
    Argument 3: N/A
    Argument 4: N/A
    Argument 5: N/A
    Argument 6: N/A
    Exception: com.rsa.common.SystemException: com.rsa.securidlib.sdtid.exceptions.SdtidFileParseException, at com.rsa.authmgr.internal.admin.tokenmgt.impl.SoftTokenTsfExporterImpl.a(SoftTokenTsfExporterImpl.java:18), at com.rsa.authmgr.internal.admin.tokenmgt.impl.SoftTokenTsfExporterImpl.a(SoftTokenTsfExporterImpl.java:14), at com.rsa.authmgr.internal.admin.tokenmgt.impl.SoftTokenTsfExporterImpl.issueTsf(SoftTokenTsfExporterImpl.java:94), at com.rsa.authmgr.internal.admin.tokenmgt.GenerateSoftTokenTSFCommandExecutive.a(GenerateSoftTokenTSFCommandExecutive.java:3), at com.rsa.authmgr.internal.admin.tokenmgt.GenerateSoftTokenTSFCommandExecutive.performExecute(GenerateSoftTokenTSFCommandExecutive.java:8), at com.rsa.authmgr.internal.admin.tokenmgt.GenerateSoftTokenTSFCommandExecutive.performExecute(GenerateSoftTokenTSFCommandExecutive.java:21), at com.rsa.command.TargetableCommand.performExecute(TargetableCommand.java:470), at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119), at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1), at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268), at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1), at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130), at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260), at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1), at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113), at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445), at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89), at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source), at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source), at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:696), at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:232), at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118), at weblogic.work.ExecuteThread.run(ExecuteThread.java:221),Caused by: com.rsa.securidlib.sdtid.exceptions.SdtidFileParseException, at com.rsa.tokenconverter.SdtidToCtf.CtfCreator.a(Unknown Source), at com.rsa.tokenconverter.SdtidToCtf.CtfCreator.sdtidToCtfString(Unknown Source), at com.rsa.authmgr.internal.admin.tokenmgt.impl.SoftTokenTsfExporterImpl.a(SoftTokenTsfExporterImpl.java:77), at com.rsa.authmgr.internal.admin.tokenmgt.impl.SoftTokenTsfExporterImpl.a(SoftTokenTsfExporterImpl.java:14), at com.rsa.authmgr.internal.admin.tokenmgt.impl.SoftTokenTsfExporterImpl.issueTsf(SoftTokenTsfExporterImpl.java:94), at com.rsa.authmgr.internal.admin.tokenmgt.GenerateSoftTokenTSFCommandExecutive.a(GenerateSoftTokenTSFCommandExecutive.java:3), at com.rsa.authmgr.internal.admin.tokenmgt.GenerateSoftTokenTSFCommandExecutive.performExecute(GenerateSoftTokenTSFCommandExecutive.java:8), at com.rsa.authmgr.internal.admin.tokenmgt.GenerateSoftTokenTSFCommandExecutive.performExecute(GenerateSoftTokenTSFCommandExecutive.java:21), at com.rsa.command.TargetableCommand.performExecute(TargetableCommand.java:471), at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:121), ... 15 more
    Instance GUID: 719f18014866da0a08014dbdfc0d50e6
    Session ID: N/A

Cause
  • The Name of the user has a bogus character
  • If you're able to generate an stdid token for the user, open it in any text editor, you'll be able to see that character
  • Example:
User-added image
Resolution
  • Rename the user, you can simply delete the name and retype it again manually
  • If the user is from an external Identity source, then rename the same way from the identity source, then cleanup the user and re-add him again
WorkaroundA workaround is distributing the token with stdid file form
NotesThe reason for those "bogus" or strange characters is most likely using a third party tool that pushes the info to the external identity source.
Thus when read by the Authentication Manager it is received along with that "bogus" character.

Attachments

    Outcomes