Offline authentication fails for users with multiple tokens in RSA Authentication Manager 8.2 SP1
Originally Published: 2018-08-03
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 SP1
Issue
- A user logs in with Token 1. Authentication is successful and offline day file data for that token is downloaded.
- Offline authentication with Token 1 works properly.
- The user logs off then logs on and authenticates with Token 2. Offline day files are downloaded.
- The next day the user is off the corporate network and tries to authenticate with Token 1, but authentication fails.
- They then try to authenticate using Token 2 and it works.
The sequence of the tokens does not matter.
The following error appears in the Authentication Manager server's /opt/rsa/am/server/imsTrace.log, which shows purged dayfiles as true, as shown in bold:
2018-03-06 11:15:40,052, [OARequestHandler2], (Download.java:57), trace.authmgr.oa.download, DEBUG, baesvlodc175v.greenlnk.net,,,,Sending: PolicyData [DA warning days: 7]
[Version: 1][DA failed auth limit: 20][Log DA events: true][DA days: 90][DA enabled: true][EAPC enabled: true][EATC enabled: true][Login password integration enabled: false]
[Verbose logging: false][Purge day files: true][Agent ID: -121361833][Server time: 1015413340][Agent DB name: <FQDN>]
[Version: 1][DA failed auth limit: 20][Log DA events: true][DA days: 90][DA enabled: true][EAPC enabled: true][EATC enabled: true][Login password integration enabled: false]
[Verbose logging: false][Purge day files: true][Agent ID: -121361833][Server time: 1015413340][Agent DB name: <FQDN>]
Cause
The issue is on the Authentication Manager server and not on the machine with the RSA Authentication Agent installed. This issue has been reported as defect AM-31997.
Resolution
On replicas running Authentication Manager 8.2 at any patch level, you must replace the oa-8.2.1.6.0.jar file with the updated version of oa-8.2.1.6.0.jar.
The hot fix needs to be applied on the replica servers first, then to the primary.
Instructions for applying the hot fix
- Request the hotfix from RSA Customer Support.
- Using WinSCP or FileZIlla, place the file on the appliance in /tmp.
- Navigate to /opt/rsa/am/server/servers/biztier/tmp/_WL_user/am-app/mxboc6/APP-INF/lib.
- Backup the oa-8.2.1.6.0.jar:
cd /opt/rsa/am/server/servers/biztier/tmp/_WL_user/am-app/mxboc6/APP-INF/lib cp oa-8.2.1.6.0.jar oa-8.2.1.6.0.jar.BAK
- Copy the oa-8.2.1.6.0.jar file obtained from /tmp to this directory. Please note the dot at the end of the command (used if the file is copied and saved in /tmp).
cp /tmp/oa-8.2.1.6.0.jar .
- Confirm that this directory contains the backup file and the one copied from /tmp:
ls -al oa*.jar* -rw------- 1 rsaadmin rsaadmin 180744 Jul 27 2016 oa-8.2.1.6.0.jar -rw------- 1 rsaadmin rsaadmin 180744 Jul 28 2016 oa-8.2.1.6.0.jar.BAK
- Replace the file in the other directories:
cd /opt/rsa/am/server/servers/console/tmp/_WL_user/console-shared-library/t5l98w/WEB-INF/lib cp /tmp/oa-8.2.1.6.0.jar . cd /opt/rsa/am/server/servers/AdminServer/tmp/_WL_user/console-shared-library/8hkrcb/WEB-INF/lib cp /tmp/oa-8.2.1.6.0.jar . cd /opt/rsa/am/server/servers/radiusoc/tmp/_WL_user/am-radius-app/cbsd0y/APP-INF/lib cp /tmp/oa-8.2.1.6.0.jar .
- Restart all Authentication Manager services
cd /opt/rsa/am/server ./rsaserv restart all
To revert the replacement file
- Copy the backup file to the /tmp directory
cp /opt/rsa/am/server/servers/biztier/tmp/_WL_user/am-app/mxboc6/APP-INF/lib/ oa-8.2.1.6.0.jar.BAK /tmp/oa-8.2.1.6.0.jar
- Use the same command to replace the new file with old one:
cd /opt/rsa/am/server/servers/biztier/tmp/_WL_user/am-app/mxboc6/APP-INF/lib cp /tmp/oa-8.2.1.6.0.jar . cd /opt/rsa/am/server/servers/console/tmp/_WL_user/console-shared-library/t5l98w/WEB-INF/lib cp /tmp/oa-8.2.1.6.0.jar . cd /opt/rsa/am/server/servers/AdminServer/tmp/_WL_user/console-shared-library/8hkrcb/WEB-INF/lib cp /tmp/oa-8.2.1.6.0.jar . cd /opt/rsa/am/server/servers/radiusoc/tmp/_WL_user/am-radius-app/cbsd0y/APP-INF/lib cp /tmp/oa-8.2.1.6.0.jar .
- Restart all Authentication Manager services
cd /opt/rsa/am/server ./rsaserv restart all
Related Articles
How to update the HXTT Text JDBC Driver in RSA Identity Governance & Lifecycle Number of Views Request workflow error in RSA Identity Governance and Lifecycle with Workpoint server license when editing workflows Number of Views Form variables not displaying under "Additional Information" on request in RSA Identity Governance & Lifecycle Number of Views AFX new or updated Connectors remain in a Deployed state and the MMC application fails to load in RSA Identity Governance … Number of Views Form control type "Drop Down Select with Web Services" does not support backslash in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA Authentication Manager Upgrade Process Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 201…
Don't see what you're looking for?
