000036584 - RSA Authentication Manager 8.2 SP1 offline authentication fails for users with multiple tokens

• A user logs in with Token 1, authentication is successful and offline day file data for that token is downloaded.
• Offline Authentication with Token 1 works properly.
• The user logs off, then logs on and authenticates with Token 2.  Offline day files are downloaded. 
• The next day the user is off the corporate network and tries to authenticate wit Token 1 but authentication fails. 
• They then try to authenticate using Token 2 and it works.

2018-03-06 11:15:40,052, [OARequestHandler2], (Download.java:57), trace.authmgr.oa.download, DEBUG, baesvlodc175v.greenlnk.net,,,,Sending: PolicyData [DA warning days: 7]
[Version: 1][DA failed auth limit: 20][Log DA events: true][DA days: 90][DA enabled: true][EAPC enabled: true][EATC enabled: true][Login password integration enabled: false]
[Verbose logging: false][Purge day files: true][Agent ID: -121361833][Server time: 1015413340][Agent DB name: glklag716606.greenlnk.net]

On replicas running Authentication  Manager 8.2 at any patch level, you must replace the oa-8.2.1.6.0.jar file with the updated version of oa-8.2.1.6.0.jar.

The hot fix needs to be applied on the replica servers first, then to the primary. 

Instructions for applying hot fix

1. Request the hotfix from RSA Customer Support.
2. Using WinSCP or FileZIlla, place the file on the appliance in /tmp.
3. Navigate to cd /opt/rsa/am/server/servers/biztier/tmp/_WL_user/am-app/mxboc6/APP-INF/lib.
4. Backup oa-8.2.1.6.0.jar: 

cd /opt/rsa/am/server/servers/biztier/tmp/_WL_user/am-app/mxboc6/APP-INF/lib
cp oa-8.2.1.6.0.jar oa-8.2.1.6.0.jar.BAK

5. Copy the oa-8.2.1.6.0.jar file obtained from /tmp to this directory.  Please note the dot at the end of the command (used if the file is copied and saved in /tmp )

cp /tmp/oa-8.2.1.6.0.jar .

6. Confirm that this directory contains the backup file and the one copied from /tmp:

ls -al oa*.jar*
-rw------- 1 rsaadmin rsaadmin 180744 Jul 27  2016 oa-8.2.1.6.0.jar
-rw------- 1 rsaadmin rsaadmin 180744 Jul 28  2016 oa-8.2.1.6.0.jar.BAK

7. Replace in other directories:

cd /opt/rsa/am/server/servers/console/tmp/_WL_user/console-shared-library/t5l98w/WEB-INF/lib
cp /tmp/oa-8.2.1.6.0.jar .
cd /opt/rsa/am/server/servers/AdminServer/tmp/_WL_user/console-shared-library/8hkrcb/WEB-INF/lib
cp /tmp/oa-8.2.1.6.0.jar .
cd /opt/rsa/am/server/servers/radiusoc/tmp/_WL_user/am-radius-app/cbsd0y/APP-INF/lib
cp /tmp/oa-8.2.1.6.0.jar .

8. Restart all Authentication Manager services

cd /opt/rsa/am/server
./rsaserv restart all

To revert the replacement file

1. Copy the backup file to the /tmp directory

cp /opt/rsa/am/server/servers/biztier/tmp/_WL_user/am-app/mxboc6/APP-INF/lib/ oa-8.2.1.6.0.jar.BAK /tmp/oa-8.2.1.6.0.jar

2. Use the same command to replace the new file with old one:

cd /opt/rsa/am/server/servers/biztier/tmp/_WL_user/am-app/mxboc6/APP-INF/lib
cp /tmp/oa-8.2.1.6.0.jar .
cd /opt/rsa/am/server/servers/console/tmp/_WL_user/console-shared-library/t5l98w/WEB-INF/lib
cp /tmp/oa-8.2.1.6.0.jar .
cd /opt/rsa/am/server/servers/AdminServer/tmp/_WL_user/console-shared-library/8hkrcb/WEB-INF/lib
cp /tmp/oa-8.2.1.6.0.jar .
cd /opt/rsa/am/server/servers/radiusoc/tmp/_WL_user/am-radius-app/cbsd0y/APP-INF/lib
cp /tmp/oa-8.2.1.6.0.jar .

3. Restart all Authentication Manager services

cd /opt/rsa/am/server
./rsaserv restart all