on Jun 14, 2016Article Content
| Article Number | 000028968 |
| Applies To | RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.1.0 Patch 5 Platform: VMware Platform (Other): null O/S Version: null Product Name: RSA-0010810 Product Description: RSA-0010810 |
| Issue | Security Console - Settings - Self Service Settings, Select Identity Sources errors None exist. error : "There was a problem processing your request. No Identity Source is available" Customer has configured Identity sources and can see users. Users can log onto self-service console page and request a token. Everything else appears to work; they can assign tokens and see both Internal and external Identity Sources. |
| Cause | Set Verbose logging - imsTrace.log 2014-10-21 13:10:40,617, [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'], (AbstractPropertiesSynchronizer.java:695), trace.com.rsa.ims.security.keymanager.sys.AbstractPropertiesSynchronizer, WARN, den-prod-auth-01.quickplay.local,,,,Database information not found com.rsa.common.DataNotFoundException: No data for 0000-Global-0000.ims.sso.filter.properties found Cause: Enrollment of identity source is different from AM 7.1 to AM 8.0/8.1 i.e. only internal database users are enrolled in AM 8.0/8.1. Migration from 7.1 to 8.0/8.1 has introduced the above issue. The root cause of the defect is how the migration is handled for user enrollment. |
| Resolution | scheduled for P6 or P7 on AM 8.1 |
| Workaround | SSH to the Primary as rsaadmin cd /opt/rsa/am/utils ./rsautil manage-secrets -a get com.rsa.db.dba.password provide operations console admin username provide operations console admin password Record the value for the password returned.  cd /opt/rsa/am/pgsql/bin ./psql -h localhost -p 7050 -d db -U rsa_dba -c 'select * from RSA_REP.UCM_IDENTITY_SOURCES;' -o /tmp/idsources.txt ./psql -h localhost -p 7050 -d db -U rsa_dba -c 'select id, name, src_type, internal_store, runtime_only FROM RSA_REP.IMS_IDENTITY_SOURCE;' -o /tmp/idnames.txt Look in for the identitysource_id in idsources.txt and the runtime_only in the idnames,txt file, the values should be the same, e.g. 24205f6d0465a8c0027cf59121f24159, This value will be used in the workaround update. Since this update uses single ticks, We'll run it from SQL instead of with -c ./psql -h localhost -p 7050 -d db -U rsa_dba -o /tmp/updateIS.txt provide the password from above at the "Password for user rsa_dba prompt" db-# UPDATE RSA_REP.UCM_IDENTITY_SOURCES SET available_status=0 WHERE identitysource_id='24205f6d0465a8c0027cf59121f24159'; db-# \q The above query should resolve customer case. Make sure after running the query, customer adds the internal database for enrollment if required from self service settings-> Select Identity Sources page. |
| Notes | Same symptom as Jira AM-27838/AM-26825 which were fixed in patch 1 |