000025952 - How to successfully run the RSA Key Generation Toolkit HTTP test client (Tomcat)

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000025952
Applies ToRSA SecurID Key Generation Toolkit version 1.2
CtkipServlet reference server
Tomcat 5.x
Microsoft Windows
IssueHow to successfully run the RSA Key Generation Toolkit HTTP test client (Tomcat)
1) Tomcat logs "Trying to send error response: 501 - Trigger request is not supported in this version"

2) Regenerating seed
ServerHelloPDU
  Status: Abort
com.rsa.ctkip.toolkit.common.CTKIPException: com.rsa.ctkip.toolkit.common.CTKIPE
xception: Server cannot continue due to error: Abort
        at com.rsa.ctkip.wa.servlet.TestHTTPClient.processServerHello(TestHTTPCl
ient.java:408)
        at com.rsa.ctkip.wa.servlet.TestHTTPClient.test(TestHTTPClient.java:107)

        at com.rsa.ctkip.wa.servlet.TestHTTPClient.main(TestHTTPClient.java:66)
Caused by: com.rsa.ctkip.toolkit.common.CTKIPException: Server cannot continue d
ue to error: Abort
        at com.rsa.ctkip.wa.servlet.TestHTTPClient.processServerHello(TestHTTPCl
ient.java:344)

Cause1) Tomcat 5.x interprets the client's HTTP POST to the default URL as a HTTP GET.  A GET to the CtkipServlet URL is designed to cause a CT-KIP Server Trigger message but it is not implemented in the Key Generation Toolkit 1.2.
2) The data necessary to process the seed regeneration is not available.
Resolution1) Add a "/" to the servlet URL by either modifying the client source's default URL or providing the URL as a parameter when running the client.  For example running the test client on the same machine as the Tomcat server can be successfully done like this:

java -cp lib\ctkip-toolkit.jar;lib\xmlspy-schema-2006-sp2.jar;lib\certj.jar;lib\jsafe.jar;lib\log4j-1.2.8.jar;classes com.rsa.ctkip.wa.servlet.TestHTTPClient http://localhost:8080/CtkipServlet/

2) Uncomment all five of the callback definitions in the CtkipServlet's web.xml file. 
Also, ensure that folder C:\ctkip\test_data exists and is writeable on the Tomcat platform as the reference callbacks write to this directory.  This directory is defined by the constant FILE_LOCATION which defaults to C:\ctkip\test_data.  If this is not a valid directory then the callbacks that reference FILE_LOCATION must be modified to use a valid directory.

See this How to successfully run the RSA Key Generation Toolkit HTTP test client (WebLogic 9) for similar issues on WebLogic 9.
Legacy Article IDa32574

Attachments

    Outcomes