Self Service Console Login Fails with the Authenticate Tokencode after Upgrading the Authentication Manager V8.5 or Later

3 years ago

Originally Published: 2023-01-16

Article Number

000068062

Applies To

RSA Product Set: SecurID Access
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.5 and above

Issue

After upgrading the Authentication Manager to V8.5 and the deployment was already connected to the Cloud Authentication Service, logging in to the Self Service Console fails.

The System Activity Monitor shows 'Identity Router not reachable' errors, despite a successful AM-to-Cloud connection in the Security Console.

/opt/rsa/am/server/logs/imsTrace.log logs the below error:

java.net.UnknownHostException: identityrouter.rsa-securid.com: Name or service not known

Note: The Identity Router's hostname (shown in red) could vary from one deployment to another.

Cause

If you upgraded Authentication Manager to version 8.5 and your deployment was already connected to the Cloud Authentication Service, you must re-connect in order to use some version 8.5 features, such as the embedded identity router and High Availability Tokencodes. To re-establish your connection, see Edit the Cloud Authentication Service Connection.

The issue here is that the AM-to-Cloud connection in Authentication Manager versions prior to 8.5 was established from the Operations Console. After upgrading to V8.5, this connection setting needs to be removed/disabled before establishing the AM-to-Cloud connection from the Security Console.

Resolution

Login to the Operations Console.
Navigate to Deployment Configuration.
Click on RSA SecurID Authenticate App.
Uncheck the 'Allow authentication using Authenticate Tokencodes' checkbox.
Re-establish a new connection from the Authentication Manager to the Cloud Authentication Service. Click here for the instructions to do so.

Don't see what you're looking for?

Related Articles

Trending Articles