000035782 - Error message "Error: java.lang.IllegalArgumentException: Window boundary must be positive" in the RSA SecurID Authentication Engine

Document created by RSA Customer Support Employee on Nov 27, 2017Last modified by RSA Customer Support Employee on Nov 28, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000035782
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Engine
RSA Version/Condition: 2.x
Platform: Java
IssueWhile normal operations of the SecurID Authentication Engine, error starts appearing:

java.lang.IllegalArgumentException: Window boundary must be positive
CauseThe problem is in the following time conversion method of com.rsa.authelements.common.util.TimeUtils, which convert UNIX time to SD time:

     * Convert between time in Unix style time_t and SDTime (half minutes since
     * 1/1/1986).
     * @param timeT time in seconds since 1/1/1970.
     * @return time in half minutes since 1/1/1986.
     public static int timeTtoSDTime(int timeT) {
        return (((timeT / 30) - SDTIME_BASE) & 0x00ffffff);

The mask 0x00ffffff causes the time conversion to round to 0 about every 15 years 11 months and 12 days. The rounding occurs at the following times:

Thu, 13 Dec 2001 10:08:00 GMT
Fri, 24 Nov 2017 20:16:00 GMT
Sun, 06 Nov 2033 06:24:00 GMT
Mon, 18 Oct 2049 16:32:00 GMT
Wed, 30 Sep 2065 02:40:00 GMT
Thu, 11 Sep 2081 12:48:00 GMT
Fri, 23 Aug 2097 22:56:00 GMT
ResolutionThere is a hotfix released for Java versions 2.8.1 and for 2.6, both of which are attached to this article.
To apply the fix:
  1. Stop the RSA SAE based application.
  2. Copy the following files the application into a backup folder: RSASecurIDAuthenticationEngineAPI.jar
  3. Replace RSASecurIDAuthenticationEngineAPI.jar file in the application with the one provided in this hotfix kit attached to the article.
  4. Restart application.
NotesRSA SecurID Authentication Engine in C isn't affected by this issue.
Customers need to be on RSA SecurID Authentication Engine version 2.6 or 2.8.1 for the hotfix to work as older versions don't have a hotfix.