RSA SecurID Access Identity Router can no longer authenticate to RSA Authentication Manager after upgrade
2 years ago
Originally Published: 2019-05-07
Article Number
000041090
Applies To
RSA Product Set:  SecurID Access
RSA Product:  Identity Router
Issue
After upgrading RSA Authentication Manager to one of the following versions, the Identity Router (IDR) begins to fail the Authentication Manager connection test and SecurID token authentications fail:
  • 8.2 SP1 P4,
  • 8.2 SP1 P5, 
  • 8.2 SP1 P6, or
  • 8.3 with no patches
IDR agent logging (/var/log/symplified/rsa_api.log or /var/log/symplified/symplified.log) shows errors like:
 
[2019-05-01 23:29:25,715] ERROR Thread-931210 - Error in processing Authn request: MessageKey [
2019-05-01 23:29:25,715] ERROR Thread-931210 - Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: MessageKey
 
The Authentication Manager imsTrace.log shows errors like:

-05-01 14:22:45,994, [[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'], (MessageKeyManager.java:9202019
trace.com.rsa.authmgr.internal.msgkey.am.MessageKeyManager, FATAL, nj-rsa-03.emwp.com,,,,remote lookup exception: com.rsa.authmgr.internal.adjudicator.AdjudicatorFailureException: Unable to find node GUID: b891a412590a5c0a6612f9858aa4d9bd
Cause
A software defect was found in RSA Authentication Manager 8.2 SP1 patch 4 which can cause Authentication Manager to be unable to identify the encryption key the IDR agent specifies when initiating communication with the Authentication Manager server.
Resolution
Upgrade all Authentication Manager instances to either:
  • RSA Authentication Manager 8.2 SP1 patch 7 or
  • RSA Authentication Manager 8.3 Patch 1 or higher.

Related Articles

Trending Articles

Don't see what you're looking for?