000028968 - AM 8.1-Getting error there was a problem processing your request no ID source available.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000028968
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0 Patch 5 
Platform: VMware
Platform (Other): null
O/S Version: null
Product Name: RSA-0010810
Product Description: RSA-0010810
IssueSecurity Console - Settings - Self Service Settings, Select Identity Sources errors None exist.
error : "There was a problem processing your request. No Identity Source is available" 
Customer has configured Identity sources and can see users. Users can log onto self-service console page and request a token. Everything else appears to work; they can assign tokens and see both Internal and external Identity Sources.
CauseSet Verbose logging - imsTrace.log

2014-10-21 13:10:40,617, [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'], (AbstractPropertiesSynchronizer.java:695), trace.com.rsa.ims.security.keymanager.sys.AbstractPropertiesSynchronizer, WARN, den-prod-auth-01.quickplay.local,,,,Database information not found

com.rsa.common.DataNotFoundException: No data for 0000-Global-0000.ims.sso.filter.properties found
Cause: E
nrollment of identity source is different from AM 7.1 to AM 8.0/8.1 i.e. only internal database users are enrolled in AM 8.0/8.1. Migration from 7.1 to 8.0/8.1 has introduced the above issue. The root cause of the defect is how the migration is handled for user enrollment.
Resolutionscheduled for P6 or P7 on AM 8.1
WorkaroundSSH to the Primary as rsaadmin
      cd /opt/rsa/am/utils
      ./rsautil manage-secrets -a get com.rsa.db.dba.password
provide operations console admin username provide operations console admin password Record the value for the password returned.
get com.rsa.db.password
      cd /opt/rsa/am/pgsql/bin

./psql -h localhost -p 7050 -d db -U rsa_dba -c 'select * from RSA_REP.UCM_IDENTITY_SOURCES;' -o /tmp/idsources.txt
./psql -h localhost -p 7050 -d db -U rsa_dba -c 'select id, name, src_type, internal_store, runtime_only FROM RSA_REP.IMS_IDENTITY_SOURCE;' -o /tmp/idnames.txt

Look in for the identitysource_id in idsources.txt and the runtime_only in the idnames,txt file, the values should be the same, e.g. 24205f6d0465a8c0027cf59121f24159,  This value will be used in the workaround update. 
Since this update uses single ticks, We'll run it from SQL instead of with -c
      ./psql -h localhost -p 7050 -d db -U rsa_dba -o /tmp/updateIS.txt provide the password from above at the "Password for user rsa_dba prompt"
 db-# UPDATE RSA_REP.UCM_IDENTITY_SOURCES SET available_status=0 WHERE identitysource_id='24205f6d0465a8c0027cf59121f24159';
 db-# \q
The above query should resolve customer case. Make sure after running the query, customer adds the internal database for enrollment if required from self service settings-> Select Identity Sources page.
NotesSame symptom as Jira AM-27838/AM-26825 which were fixed in patch 1