|Applies To||RSA Product Set: SecurID Access|
RSA Product/Service Type: Identity Router and Authentication Manager
RSA Version/Condition: IDR 126.96.36.199.1 and later, Authentication Manager 8.2 and later
|Issue||When configuring RSA Authentication Manager and the RSA Cloud Authentication Service to Enable Cloud Authentication Service Users to Access Resources Protected by RSA SecurID, a correctly configured Authentication Manager server is unable to connect to a correctly configured RSA Identity Router (IDR) when the Test Connection button is clicked in the Authentication Manager Operations Console. The following error is displayed on the Operations Console page:|
Authentication Manager cannot connect to any identity routers. Authenticate Tokencodes are not available.
At the same time, the log of the IDR to which Authentication Manager attempted to connect, will show an event with this format:
ERROR com.symplified.application.appliance.api.authentication.RestAuthenticationInInterceptor - Unable to parse date "AM-date-time-timezone"
where, AM-date-time-timezone is the date, time and configured time zone of Authentication Manager at the time of the test. For example, "Fri, 02-Feb-18 10:36:11 Hawaii-Aleutian Standard Time"
|Cause||For a limited number of time zones, there is an incompatibility between the time zone name string in Authentication Manager and the IDR. The affected time zones will vary depending on the version of Authentication Manager and the RSA Identity Router. For example, when using RSA Authentication Manager 8.2 SP1 with the February 2018 release of the RSA Cloud Authentication Service (IDR 188.8.131.52.2) the following time zones will be affected:|
|Workaround||Update System Date and Time Settings in RSA Authentication Manager to use another time zone with the same UTC offset. Take care that the Daylight Savings Time changes for the chosen temporary time zone occur on the same day and time as your actual region.|
The use of a temporary time zone should be maintained until a fix for this issue is released by RSA and your IDRs and/or Authentication Manager (according to the release instructions) are upgraded to the fixed version(s).
|Notes||There are other reasons that can cause Authentication Manager to be unable to connect to the IDR, resulting in the same Authentication Manager error message to be logged or this type of authentication to fail.|
This article only applies if the INTERNAL_SERVER_ERROR and Unable to parse date error event described in the Issue section above is also logged by the IDR. To check for this event, the IDR system log can be viewed in one of the following two ways: