RSA SecurID Access Identity Router can no longer authenticate to RSA Authentication Manager after upgrade

2 years ago

Originally Published: 2019-05-07

Article Number

000041090

Applies To

RSA Product Set: SecurID Access
RSA Product: Identity Router

Issue

After upgrading RSA Authentication Manager to one of the following versions, the Identity Router (IDR) begins to fail the Authentication Manager connection test and SecurID token authentications fail:

8.2 SP1 P4,
8.2 SP1 P5,
8.2 SP1 P6, or
8.3 with no patches

IDR agent logging (/var/log/symplified/rsa_api.log or /var/log/symplified/symplified.log) shows errors like:

[2019-05-01 23:29:25,715] ERROR Thread-931210 - Error in processing Authn request: MessageKey [
2019-05-01 23:29:25,715] ERROR Thread-931210 - Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: MessageKey

The Authentication Manager imsTrace.log shows errors like:

-05-01 14:22:45,994, [[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'], (MessageKeyManager.java:9202019
trace.com.rsa.authmgr.internal.msgkey.am.MessageKeyManager, FATAL, nj-rsa-03.emwp.com,,,,remote lookup exception: com.rsa.authmgr.internal.adjudicator.AdjudicatorFailureException: Unable to find node GUID: b891a412590a5c0a6612f9858aa4d9bd

Cause

A software defect was found in RSA Authentication Manager 8.2 SP1 patch 4 which can cause Authentication Manager to be unable to identify the encryption key the IDR agent specifies when initiating communication with the Authentication Manager server.

Resolution

Upgrade all Authentication Manager instances to either:

RSA Authentication Manager 8.2 SP1 patch 7 or
RSA Authentication Manager 8.3 Patch 1 or higher.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles