| Article Number | 000029178 |
| Applies To | RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1 |
| Issue | The RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console. The following error was reported in the /opt/rsa/am/server/logs/radiusoc.log log file.
####<Dec 8, 2014 1:31:47 PM EST> <Error> <Security> <app81p> <radiusoc> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
<<WLS Kernel>> <> <> <1418005907269> <BEA-090870> <The realm "rsa" failed to be loaded: weblogic.security.service.SecurityServiceException:
com.bea.common.engine.ServiceInitializationException:
weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file
/opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException:
A failure occurred attempting to load
LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:466)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
at weblogic.security.SecurityService.start(SecurityService.java:148)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException:
A failure occurred attempting to load LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155)
at com.bea.security.css.CSS.getService(CSS.java:123)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:458)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:871)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
at weblogic.security.SecurityService.start(SecurityService.java:148)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file
/opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadFullLDIFTemplate(BootStrapServiceImpl.java:910)
at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFTemplate(BootStrapServiceImpl.java:688)
at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:178)
at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:162)
at com.bea.common.security.internal.service.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:109)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at com.sun.proxy.$Proxy7.loadLDIFXACMLAuthorizerTemplate(Unknown Source)
at com.bea.security.providers.xacml.store.AuthorizationPolicyStore.init(AuthorizationPolicyStore.java:81)
at com.bea.security.providers.xacml.store.DefaultPolicyStoreConfigurator.newPolicyStore(DefaultPolicyStoreConfigurator.java:22)
at weblogic.security.providers.xacml.authorization.PolicyDecisionPointFactory.getStore(PolicyDecisionPointFactory.java:265)
at weblogic.security.providers.xacml.authorization.PolicyDecisionPointFactory.getAuthorization(PolicyDecisionPointFactory.java:69)
at weblogic.security.providers.xacml.authorization.XACMLAuthorizationProviderImpl.initialize(XACMLAuthorizationProviderImpl.java:127)
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:60)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155)
at com.bea.security.css.CSS.getService(CSS.java:123)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:458)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:871)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
at weblogic.security.SecurityService.start(SecurityService.java:148)
Note that app81p is the short name of the Authentication Manager instance where this error was found.
|
| Cause | An administrator was following the instructions from page 164 of the RSA Authentication Manager 8.1 Administrator’s Guide to replace the console certificate via the Operations Console and the alias name used matched the short name of the Authentication Manager. |
| Resolution | Please contact RSA Customer Support to seek assistance in removing the SSL server certificate(s) and/or Signer Certificate(s) from the appropriate certificate keystores used by the Authentication Manager software.
Refer to article number 000029178 after opening a support request with RSA Customer Support with your license information from the RSA Authentication Manager. The serial number for the license can be found in the Security Console under Setup > Licenses > Status. Click View Installed Licenses then click License ID to display the serial number. |
| Workaround | Please do not use the Authentication Manager instance short name as the alias when replacing the console certificate. |
on Jun 15, 2016