000034314 - "Authentication station status was 9" error when accessing RSA Authentication Manager Prime Self Service Portal (SSP) with Active Directory password

Document created by RSA Customer Support Employee on Nov 30, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000034314
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager Prime
 
Issue
  • When logging in to the Self-Service Portal (SSP) GUI with an AD password, the following error displays:
Unexpected error: occurred while authenticating with LDAP. 'Authentication station status was 9' 

  • The following error will be in the SSP daily log, located in ..\rsa\ssp\logs:
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
AcceptSecurityContext error, data 52e, v1db1e 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 
STACK_TRACE[$org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1AP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1 
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:182) 
org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266) 
org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106) 
org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125) 
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287) 
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237) 
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624) 
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535) 
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:462) 
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:483) 
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:503) 
org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1482) 
org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1440) 
com.rsa.pso.services.ADAuthenticationService.authenticate(Unknown Source) 
com.rsa.pso.selfservice.web.LoginActionBean.login(Unknown Source) 
sun.reflect.GeneratedMethodAccessor89.invoke(Unknown Source)
CauseThe AD bind account on this SSP box has a wrong ID or password, The error 52e indicates that the username is valid, but the combination of password and user credential is invalid.  Refer to this article on LDAP error codes for more information.
ResolutionUpdate the ssp.properties file located in ..\rsa\ssp\config with the correct credentials following the examples below:
For the property which holds the bind user DN to connect to the domain:
alm.ldap.binduserDn=CN=<user_name>,CN=<CN_container>,DC=<domain_component_1>,DC=<domain_component_2>,DC=com

For example,

alm.ldap.binduserDn=CN=Administrator,CN=Users,DC=devdomain,DC=pso,DC=com

For the property which holds the encrypted password of the user specified in property:

alm.ldap.binduserpassword=<password_value>

For example, 

alm.ldap.binduserpassword=P4ssw0rd

Attachments

    Outcomes