Article Content
Article Number | 000025894 |
Applies To | RSA ClearTrust 5.0.1 RSA ClearTrust Authorization Server (AServer) RSA ACE/Agent UNIX (AIX, HP-UX, Solaris) Forms-based authentication RSA SecurID Authentication |
Issue | RSA ClearTrust users receive Server Error when attempting HTTP forms-based authentication using RSA SecurID token RSA ClearTrust Authorization server debug log shows the following errors: "TCP: error on socket: java.io.IOException: Unable to send data to receiver." java.io.IOException: Unable to send data to receiver. at sirrus.util.io.FlushingByteArrayOutputStream.checkForStreamClosure(FlushingByteArrayOutputStream.java:140) at sirrus.util.io.FlushingByteArrayOutputStream.write(FlushingByteArrayOutputStream.java:80) at java.io.DataOutputStream.writeByte(DataOutputStream.java:129) at sirrus.util.io.rpc.fope.ObjectNode.writeTypeToStream(ObjectNode.java:61) at sirrus.util.io.rpc.fope.Node.writeToStream(Node.java:42) at sirrus.util.io.rpc.fope.NodeFactory.convertNodeToStream(NodeFactory.java:67) at sirrus.util.io.rpc.RPCManager.invokeLocalProcedure(RPCManager.java:151) at sirrus.authserver.MuxRequestThreadPool$MuxRequestThread.serviceRequest(MuxRequestThreadPool.java:85) at sirrus.authserver.MuxRequestThreadPool$MuxRequestThread.run(MuxRequestThreadPool.java:142) Examination of RSA ACE/Server logs confirms that no request was sent to the ACE/Server |
Cause | The user account used to start the ClearTrust Authorization Server must have read and write access to the ACE/Agent /var/ace directory, and must have read access to the securid file in this directory. Incorrect permissions can occur if the SecurID ACE/Agent was installed as root but the ClearTrust servers run as a non-root user. |
Resolution | To correct this issue, follow these steps: 1. Change the permissions of the ACE/Agent /var/ace directory on the RSA ClearTrust Authorization Server (chmod 755 /var/ace) 2. If it exists, delete the securid node secret file: /var/ace/securid 3. Using the ACE/Server Administration Console, edit the agent-host record of the ClearTrust Authorization Server; if checked, uncheck the box "Node Secret Sent" 4. Click OK to save the change 5. Restart the ClearTrust Authorization Server 6. Access a ClearTrust-protected Web resource and authenticate with SecurID 7. Verify that the /var/ace/securid file was recreated and is owned by the ClearTrust Authorization Server user account |
Legacy Article ID | a17575 |