000022412 - RSA ClearTrust AServer unable to authenticate users

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022412
Applies ToRSA ClearTrust 5.5.2 Authorization Server (AServer)
IssueRSA ClearTrust AServer unable to authenticate users
Error in aserver.log file:

"sequence_number=4029,2005-10-25 17:15:18:857 EDT,messageID=-2,internal_error,description='User unable to act as an Administrator. Password lockout disabled',details='sirrus.api.client.UserNotAuthorizedException: User unable to act as an Administrator. Password lockout disabled'"
Error in webagent.conf file:

Oct 25, 2005 03:48:34 PM CDT - [6016] - <Debug> - exception_type=SERVER_ERROR, msg=(java.lang.NullPointerException\n\tat sirrus.authserver.AuthorizationAPI.setCallbackContext(AuthorizationAPI.java:2151)\n\tat sirrus.authserver.AuthorizationAPI.getUserProperties(AuthorizationAPI.java:148)\n\tat sirrus.authserver.TCPServerAPIAdaptor.getUserProperties(TCPServerAPIAdaptor.java:671)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknow
Oct 25, 2005 03:48:34 PM CDT - [6016] - <Info> - Result map: SC_USER_ID\nnzlcmd\nAUTHENTICATION_TYPE\nSC_USER_CHECK
Oct 25, 2005 03:48:34 PM CDT - [6016] - <Info> - Result map: CT_ERROR\njava.lang.NullPointerException\n\tat sirrus.authserver.AuthorizationAPI.setCallbackContext(AuthorizationAPI.java:2151)\n\tat sirrus.authserver.AuthorizationAPI.getUserProperties(AuthorizationAPI.java:148)\n\tat sirrus.authserver.TCPServerAPIAdaptor.getUserProperties(TCPServerAPIAdaptor.java:671)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)\n\tat java.lang.reflect.Method.invoke(Unknown Source)\n\tat sirrus.util.io.rpc.FunctionMapping.createObjectFromFunctionNode(FunctionMapping.java:112)\n\tat sirrus.util.io.rpc.BasicDomainMapper$7.map(BasicDomainMapper.java:249)\n\tat sirrus.util.io.rpc.NodeToObjectMapper.map(NodeToObjectMapper.java:41)\n\tat sirrus.util.io.rpc.BasicDomainMapper.convertFunctionNodeToObject(BasicDomainMapper.java:238)\n\tat sirrus.util.io.rpc.fope.FunctionNode.convertToObject(FunctionNode.java:57)\n\tat sirrus.util.io.rpc.BasicDomainMapper.convertNodeToObject(BasicDomainMapper.java:220)\n\tat sirrus.util.io.rpc.RPCManager.invokeLocalProcedure(RPCManager.java:138)\n\tat sirrus.authserver.MuxRequestThreadPool$MuxWorkerThread.run(MuxRequestThreadPool.java:293)\n
Oct 25, 2005 03:48:34 PM CDT - [6016] - <Info> - Result map: EXCEPTION_TYPE\nSERVER_ERROR\nEXCEPTION_MESSAGE\njava.lang.NullPointerException\n\tat sirrus.authserver.AuthorizationAPI.setCallbackContext(AuthorizationAPI.java:2151)\n\tat sirrus.authserver.AuthorizationAPI.getUserProperties(AuthorizationAPI.java:148)\n\tat sirrus.authserver.TCPServerAPIAdaptor.getUserProperties(TCPServerAPIAdaptor.java:671)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)\n\tat java.lang.reflect.Method.invoke(Unknown Source)\n\tat sirrus.util.io.rpc.FunctionMapping.createObjectFromFunctionNode(FunctionMapping.java:112)\n\tat sirrus.util.io.rpc.BasicDomainMapper$7.map(BasicDomainMapper.java:249)\n\tat sirrus.util.io.rpc.NodeToObjectMapper.map(NodeToObjectMapper.java:41)\n\tat sirrus.util.io.rpc.BasicDomainMapper.convertFunctionNodeToObject(BasicDomainMapper.java:238)\n\tat sirrus.util.io.rpc.fope.FunctionNode.convertToObject(FunctionNode.java:57)\n\tat sirrus.util.io.rpc.BasicDomainMapper.convertNodeToObject(BasicDomainMapper.java:220)\n\tat sirrus.util.io.rpc.RPCManager.invokeLocalProcedure(RPCManager.java:138)\n\tat sirrus.authserver.MuxRequestThreadPool$MuxWorkerThread.run(MuxRequestThreadPool.java:293)\n
Oct 25, 2005 03:48:34 PM CDT - [6016] - <Error> - RTAPI get user properties, returned: 3
CauseRSA ClearTrust administrative user account used by AServer to administer user account lockout does not have correct password
ResolutionTo correct this issue, confirm the following settings in the aserver.conf file have the correct values. Note that these settings are only required if the AServer is configured in read-only mode:

cleartrust.aserver.datastore.read_only=true
cleartrust.aserver.datastoreadmin_api.hostname=xxx.xxx.xxx.xxx
cleartrust.aserver.datastoreadmin_api.port=xxxx
cleartrust.aserver.datastoreadmin_api.username=administrator
cleartrust.aserver.datastoreadmin_api.password=administrator
cleartrust.aserver.datastoreadmin_api.roll=Default Administrative Role
cleartrust.aserver.datastoreadmin_api.use_ssl=Clear
WorkaroundChanged password for RSA ClearTrust administrative user
Legacy Article IDa28358

Attachments

    Outcomes