000025894 - RSA ClearTrust users receive Server Error when attempting HTTP forms-based authentication using RSA SecurID token

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025894
Applies To: RSA ClearTrust 5.0.1
RSA ClearTrust Authorization Server (AServer)
RSA ACE/Agent
UNIX (AIX, HP-UX, Solaris)
Forms-based authentication
RSA SecurID Authentication
Issue: RSA ClearTrust users receive Server Error when attempting HTTP forms-based authentication using RSA SecurID token
RSA ClearTrust Authorization server debug log shows the following errors: "TCP: error on socket: java.io.IOException: Unable to send data to receiver."
java.io.IOException: Unable to send data to receiver.
       at sirrus.util.io.FlushingByteArrayOutputStream.checkForStreamClosure(FlushingByteArrayOutputStream.java:140)
       at sirrus.util.io.FlushingByteArrayOutputStream.write(FlushingByteArrayOutputStream.java:80)
       at java.io.DataOutputStream.writeByte(DataOutputStream.java:129)
       at sirrus.util.io.rpc.fope.ObjectNode.writeTypeToStream(ObjectNode.java:61)
       at sirrus.util.io.rpc.fope.Node.writeToStream(Node.java:42)
       at sirrus.util.io.rpc.fope.NodeFactory.convertNodeToStream(NodeFactory.java:67)
       at sirrus.util.io.rpc.RPCManager.invokeLocalProcedure(RPCManager.java:151)
       at sirrus.authserver.MuxRequestThreadPool$MuxRequestThread.serviceRequest(MuxRequestThreadPool.java:85)
       at sirrus.authserver.MuxRequestThreadPool$MuxRequestThread.run(MuxRequestThreadPool.java:142)
Examination of the RSA ACE/Server logs confirms that no request was sent to the ACE/Server.
Cause: The user account used to start the ClearTrust Authorization Server must have read and write access to the ACE/Agent /var/ace directory, and must have read access to the securid file in this directory. Incorrect permissions can occur if the SecurID ACE/Agent was installed as root but the ClearTrust servers run as a non-root user.
Resolution: To correct this issue, follow these steps:

1. Change the permissions of the ACE/Agent /var/ace directory on the RSA ClearTrust Authorization Server (chmod 755 /var/ace)

2. If it exists, delete the securid node secret file: /var/ace/securid

3. Using the ACE/Server Administration Console, edit the agent-host record of the ClearTrust Authorization Server; if checked, uncheck the box "Node Secret Sent"

4. Click OK to save the change

5. Restart the ClearTrust Authorization Server

6. Access a ClearTrust-protected Web resource and authenticate with SecurID

7. Verify that the /var/ace/securid file was recreated and is owned by the ClearTrust Authorization Server user account
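
A pre-flight check for the access named under Cause and the ownership check in step 7, as an added shell example that is not part of the RSA article or product. The function and script names are hypothetical, the account name is whichever user starts the Authorization Server, and only classic mode bits are evaluated (no ACLs).

```shell
#!/bin/sh
# Added example, not RSA code. Classic mode bits only: no ACLs, no root override.

# class_bits MODE OWNER_UID OWNER_GID UID "GIDS" -> rwx triplet that applies to UID
class_bits() {
    if [ "$4" = "$2" ]; then start=2              # owner class
    else
        case " $5 " in
            *" $3 "*) start=5 ;;                  # group class
            *)        start=8 ;;                  # other class
        esac
    fi
    echo "$1" | cut -c"$start"-"$((start + 2))"
}

# bits_for USER PATH -> triplet for USER on PATH, parsed from `ls -ldn`
bits_for() {
    ls -ldn "$2" | {
        read -r mode _links uid gid _rest
        class_bits "$mode" "$uid" "$gid" "$(id -u "$1")" "$(id -G "$1")"
    }
}

# check_ace USER [DIR] -> 0 when USER has the access named under Cause and,
# if the node secret exists, owns it (step 7). DIR defaults to /var/ace.
check_ace() {
    user=$1; dir=${2:-/var/ace}; rc=0
    case "$(bits_for "$user" "$dir")" in
        rw[xst]) echo "OK   $dir: $user can read, write and search" ;;
        *)       echo "FAIL $dir: $user lacks read/write/search"; rc=1 ;;
    esac
    if [ -f "$dir/securid" ]; then
        case "$(bits_for "$user" "$dir/securid")" in
            r*) echo "OK   $dir/securid: readable by $user" ;;
            *)  echo "FAIL $dir/securid: not readable by $user"; rc=1 ;;
        esac
        owner=$(ls -ldn "$dir/securid" | { read -r _m _l uid _r; echo "$uid"; })
        [ "$owner" = "$(id -u "$user")" ] ||
            { echo "FAIL $dir/securid: not owned by $user"; rc=1; }
    else
        echo "NOTE $dir/securid absent (normal between steps 2 and 6)"
    fi
    return $rc
}

# Usage: sh check_ace.sh ACCOUNT [DIR]   (script name is hypothetical)
if [ $# -gt 0 ]; then check_ace "$@"; fi
```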
Legacy Article ID: a17575