000014772 - AXM-Access Manager application not authenticating with SecurID

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014772
Applies ToRSA Access Manager 6.0.2
Windows 2003 Server SP1
SecurID authentication
IssueAXM- Access Manager application not authenticating with SecurID

Cannot authenticate user. Securid debugging -DDEBUG=SECURID logs the following errors:

2008-10-31 12:42:47,801] main - AUTHd.a():? - C:\PROGRA~1\RSA\CLEART~1.0\conf\securid doesn't exist
2008-10-31 12:42:47,926] main - AUTHz.a():? - Can't get nodeSecret

CauseWhen testing the method of SecurID connectivity with SecurID agent, some SecurID window agents will not create node secret file. Instead, it will place the node secret in the registry. Access Manager requires a node secret file be called specifically "SECURID". Once a node secret is obtained, the ACE Server will never send another node secret unless the ACE server is told to do so by performing a node secret resend. The node secret needs to be cleared at the ACE server end and resent.  Instead of using the SecurID agent to generate it, use Access Manager. The first request to authenticate will generate the node secret as correctly named as a file called SECURID.

To remove the node secret from the ACE/Server so that it may be resent, perform the following steps:
1. From the ACE server console, run database administration
2. Select the client, and then edit client
3. Select the client that the ACE/Agent is authenticating to, and also insure the "Sent Node Secret" checkbox is NOT checked

Now, make an authentication attempt with Access Manager. The SECURID node secret  file may be located in the \windows\system32 directory.  Copy it to the Access Manager installation configuration directory i.e. C:\PROGRA~1\RSA\CLEART~1.0\conf\securid

Legacy Article IDa42834