000036475 - Adding trusted realm in RSA Authentication Manager 8.1 SP1 fails with an error: "The trust is not unique. Either the trust package has already been imported under another name, or the name ace0stl0 has already been used."

Document created by RSA Customer Support Employee on Jun 24, 2018Last modified by RSA Customer Support Employee on Jun 25, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000036475
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 SP1 and higher
 
IssueAn RSA administrator is unable to import a trusted realm package on the Authentication Manager primary. The rsa-console.log has the following error:
 

ERROR [[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)']
GUILog.traceException(587) | exception: com.rsa.command.exception.DuplicateDataException:
ERROR: duplicate key value violates unique constraint "ak_ims_trusts"
Detail: Key (owner_id, deployment_uuid, external_realm_name)=(000000000000000000001000e0011000,
832339bc-df9e-4ff3-b8cd-40f7ef40897f, SystemDomain) already exists.
(000000000000000000001000e0011000, 832339bc-df9e-4ff3-b8cd-40f7ef40897f, SystemDomain)
key is already present in the table ims_trusts.


On the Security Console the following message appears:
 
The trust is not unique. Either the trust package has already been imported under another name, or the name <realm_name> has already been used.
CauseThe primary Authentication Manager server and the the new trusted server both have same UUID in the database. This will happen because at some point the newly added trusted server was part of the current primary deployment. Each server must have a unique UUID in order to establish trusted realm.
ResolutionTo correct the issue,
  1. Connect to each RSA Authentication Manager server via SQL.
  2. At step 3 in the instructions, enter the following command on the primary for Realm 1:


db=# SELECT * FROM ims_config_value WHERE name='ims.deployment.uuid';
                id                |   instance_id    |        name         |     value
----------------------------------+------------------+---------------------+--------------------------------------
5a5f17b966e69a0a1a917ab6685884a8  | 0000-Global-0000 | ims.deployment.uuid | 90b5dfbc-6622-4398-aa18-e70aa3671151
(1 row)


  1. On the replica for Realm 2, 



    db=# SELECT * FROM ims_config_value WHERE name='ims.deployment.uuid';
                    id               |    instance_id   |         name        |     value
    ---------------------------------+------------------+---------------------+--------------------------------------
    8627add62fe39a0a010f95c16788a864 | 0000-Global-0000 | ims.deployment.uuid | 832339bc-df9e-4ff3-b8cd-40f7ef40897f
    (1 row)



    1. On the primary for Realm 2,




    db=# SELECT * FROM ims_config_value WHERE name='ims.deployment.uuid';
                    id               |    instance_id   |         name        |     value
    ---------------------------------+------------------+---------------------+--------------------------------------
    8627add62fe39a0a010f95c16788a864 | 0000-Global-0000 | ims.deployment.uuid | 832339bc-df9e-4ff3-b8cd-40f7ef40897f
    (1 row)


    Notice that the UUID for the replica in Realm 1 and the primary in Realm 2 are the same. This is the reason why the insertion of a trusted realm fails. Make sure that each server has a unique UUID.

    WorkaroundInstall a new primary instance in Realm 2 and it will have a unique UUID. Verify the UUID with  the SELECT statements above. Once that is done, adding the trusted realm will be successful.

    Attachments

      Outcomes