000029178 - RSA RADIUS Server  service failed to start in the RSA Authentication Manager 8.1 Operations Console

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Jun 14, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029178
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  RSA Authentication Manager
RSA Version/Condition:  8.1 
IssueThe RSA RADIUS Server  service failed to start in the RSA Authentication Manager 8.1 Operations Console.  The following error was reported in the /opt/rsa/am/server/logs/radiusoc.log log file.
 
####<Dec 8, 2014 1:31:47 PM EST> <Error> <Security> <app81p> <radiusoc> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> 
<<WLS Kernel>> <> <> <1418005907269> <BEA-090870> <The realm "rsa" failed to be loaded: weblogic.security.service.SecurityServiceException:
com.bea.common.engine.ServiceInitializationException:
weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file
/opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException:
A failure occurred attempting to load
LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:466)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
        at weblogic.security.SecurityService.start(SecurityService.java:148)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException:
A failure occurred attempting to load LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
        at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
        at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
        at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
        at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
        at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155)
        at com.bea.security.css.CSS.getService(CSS.java:123)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:458)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:871)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
        at weblogic.security.SecurityService.start(SecurityService.java:148)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file
/opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadFullLDIFTemplate(BootStrapServiceImpl.java:910)
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFTemplate(BootStrapServiceImpl.java:688)
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:178)
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:162)
        at com.bea.common.security.internal.service.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:109)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
        at com.sun.proxy.$Proxy7.loadLDIFXACMLAuthorizerTemplate(Unknown Source)
        at com.bea.security.providers.xacml.store.AuthorizationPolicyStore.init(AuthorizationPolicyStore.java:81)
        at com.bea.security.providers.xacml.store.DefaultPolicyStoreConfigurator.newPolicyStore(DefaultPolicyStoreConfigurator.java:22)
        at weblogic.security.providers.xacml.authorization.PolicyDecisionPointFactory.getStore(PolicyDecisionPointFactory.java:265)
        at weblogic.security.providers.xacml.authorization.PolicyDecisionPointFactory.getAuthorization(PolicyDecisionPointFactory.java:69)
        at weblogic.security.providers.xacml.authorization.XACMLAuthorizationProviderImpl.initialize(XACMLAuthorizationProviderImpl.java:127)
        at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:60)
        at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
        at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
        at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
        at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
        at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155)
        at com.bea.security.css.CSS.getService(CSS.java:123)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:458)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:871)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
        at weblogic.security.SecurityService.start(SecurityService.java:148)

Note that app81p is the short name of the Authentication Manager instance where this error was found.
 
CauseAn administrator was following the instructions from page 164 of the RSA Authentication Manager 8.1 Administrator’s Guide to replace the console certificate via the Operations Console and the alias name used matched the short name of the Authentication Manager.
ResolutionPlease contact RSA Customer Support to seek assistance in removing the SSL server certificate(s) and/or Signer Certificate(s) from the appropriate certificate keystores used by the Authentication Manager software.
Refer to article number 000029178 after opening a support request with RSA Customer Support with your license information from the RSA Authentication Manager. The serial number for the license can be found in the Security Console under Setup > Licenses > Status.  Click View Installed Licenses then click License ID to display the serial number.
WorkaroundPlease do not use the Authentication Manager instance short name as the alias when replacing the console certificate.

Attachments

    Outcomes