Issue | Symptoms
- When trying to run the sync-tokens command with a super admin account, an access denied message is displayed.
- The super admin credentials, as well as other parameters, are entered in one line via command line. For example,
./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o /var/tmp/tokens.log -a -l
- The super admin user can run ./rsautil manage-oc-administrators with the same super admin account.
- The /opt/rsa/am/utils/logs/imsCluTrace.log shows following error:
@@@2014-11-07 10:19:32,929, [Main Thread], (EJBRemoteTargetBase.java:178), trace.com.rsa.command.EJBRemoteTargetBase, ERROR,SecurID.xxxxxx.com,,,,Exception during command execution. com.rsa.authn.AuthenticationCommandException: Access Denied at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237) at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464) at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272) at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_1211_WLStub.executeCommand(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84) at com.sun.proxy.$Proxy0.executeCommand(Unknown Source) at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:251) at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:1) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146) at weblogic.security.Security.runAs(Security.java:61) at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51) at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:167) at com.rsa.command.DelegatingCommandTarget.executeCommand(DelegatingCommandTarget.java:66) at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:297) at com.rsa.authn.LoginCommand.execute(LoginCommand.java:611) at com.rsa.authn.AuthenticatedTargetImpl.login(AuthenticatedTargetImpl.java:158) at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:758) at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:740) at com.rsa.command.ConnectionFactory.connect(ConnectionFactory.java:456) at com.rsa.authmgr.admin.tools.SyncTokens.login(SyncTokens.java:66) at com.rsa.authmgr.admin.tools.SyncTokens.main(SyncTokens.java:181) Caused by: com.rsa.authn.AuthenticationCommandException: Access Denied at com.rsa.authn.LoginCommand$Executive.execute(LoginCommand.java:775) at com.rsa.authn.LoginCommand.performExecute(LoginCommand.java:679) at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119) at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1) at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268) at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130) at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260) at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1) at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113) at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439) at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445) at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373) at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89) at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source) at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source) at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:696) at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230) at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256) at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
|