000029341 - TokenDirectory overrides custom TokenFileRetrievePlugin path in Seed Provisioning Helper (SPH)

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029341
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Software Token for Blackberry
RSA Version/Condition: 3.5
Platform: Linux
Product Name: SPH

Customer has the sphelper.properties file setting "TokenDirectory=/home" and his custom "TokenFileRetrievePlugin returning the file path for a token as "/tmp/tokens/mytoken.sdtid". Then the following error is logged:
ALL:2014-02-27T14:31:26 GMT - RequestTokenStatus.getResponse> Exception thrown: java.lang.Exception: no files in [/home]
It seems the TokenDirectory parameter is interfering or overriding some of the behavior of the custom TokenFileRetrievePlugin
From our manual: SecurIDTokenBlackBerry350_admin.pdf
TokenDirectory Specifies the path to the directory containing the token files that will be delivered to the device. By default, SPH looks for token data as SDTID files present in the file system at the path specified for TokenDirectory.
If you do not specify a directory path, the SPH will fail to initialize, unless you provide a custom plug-in for token file retrieval. For more information, see “Custom Plug-Ins” on page 80.
Be sure to change the placeholder value given in the properties file.
Our sphelper will not initialize unless you specify a TokenDirectory. Even though the administrator met the requirement of defining the custom file plug-in per our documentation. If you try to work around that defect by defining the TokenDIrectory, it takes precedence over the custom plug-in.
==> sph plugin log <==
2014/10/01-14:52:15 - getTokenFilePath called with email:and deviceID:
2014/10/01-14:52:15 - Returning token path:/home/myrsaweb/Tmp/.sdtid
==> sph log <==
ALL:2014-10-01T14:52:15 BST - SPHelperServlet.init> Cannot set token directory to /home/gseweb/Tmp/.sdtid. It is neither a file or nor a direcroty.
ALL:2014-10-01T14:52:15 BST - SPHelperServlet.init> Invalid customization. SPH fail to initialize
ALL:2014-10-01T14:52:15 BST - SPHelperServlet.init> end
If the TokenDirectory parameter is omitted this is the error you receive:
ALL:2014-02-26T17:06:32 GMT - SPHelperServlet.init> TokenDirectory configuration not set.
ALL:2014-02-26T17:06:32 GMT - SPHelperServlet.init> Invalid customization. SPH fail to initialize

CauseThe TokenDirectory is overriding the custom TokenFileRetrievePlugin path. This issue has been reported in defect SWTBB-593.
ResolutionContact RSA Technical Support to obtain the hot fix for defect SWTBB-593. 
The hot fix consists SPHelper.war file..
1. Stop the web server that runs the SPH servlet.
2. Rename the existing SPHelper directory and SPHelper.war, or simply move them to a safe location.
3. Put the SPHelper.war from the hot fix in the web server where the original SPHelper directory was found.
4. Start the web server, a new SPHelper directory is automatically created.
5. Stop the web server
6. Replace new sphelper.properties found in SPHelper/WEB-INF with the old sphelper.properties.
7. Start the web server.
8. Test token distribution.