000036516 - Alias host name redirect to consoles is not working after upgrade to RSA Authentication  Manager  8.3 patch 1

Document created by RSA Customer Support Employee on Jul 13, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036516
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3
IssueUnable to access the consoles using alias names after upgrading RSA to Authentication Manager 8.3 patch 1.  For example,
  • Authentication Manager 8.3 is deployed with a FQDN of am3-vcloud.local and configured an alias name through the hosts file with short version am83.
  • When trying to access the consoles use the URL of https://am83/sc and it automatically is redirected to the FQDN of am83-vcloud.local.

This works on Authentication Manager 8.3 prior to patch 1.  After an upgrade to 8.3 patch 1, the following error appears in the browser:

invalid request

ResolutionTo resolve this issue, you must add the alias name in the trusted host white list using the command below.
  1. Open an SSH session to the primary.
  2. Navigate to /opt/rsa/am/utils

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Wed Jun 20 05:24:51 2018 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am83p:~> cd /opt/rsa/am/utils

  1. Run the following command to add the alias name new configuration for the first time 

./rsautil store -a add_config ims.trustedhost.whitelist.custom "AliasNameOfPrimary,AliasNameOfReplica" GLOBAL STRING

If values already exist, use update_config instead of add_config, as shown:

./rsautil store -a update_config ims.trustedhost.whitelist.custom "AliasNameOfPrimary,AliasNameOfReplica" GLOBAL STRING

  1. To have the change tale effect, restart the services on the primary server 

cd /opt/rsa/am/server
./rsaserv restart all

  1. Now access the console again with the alias name.