This article is version-specific and relates only to RSA Authentication Manager servers running 8.2 SP1 (8.2.1) to 8.2.1.8 (8.2 SP1 patch 8).

This workaround is provided if you are not in a position to immediately upgrade to RSA Authentication Manager 8.3 and above.

• After enabling the DEBUG for the REST protocol, /var/ace/log/mfa_rest.log shows the following error:

• When Configure Logging and setting the Trace.log value to Verbose, the error that is shown here is in the /opt/rsa/am/server/logs/imsTrace.log:

• The REST code was populating the Logical Agent IP to the client IP. Because of this, if the Logical Agent IP is not provided, it resolves to some random IP in the environment.
• The REST code after RSA Authentication Manager 8.3 and higher retrieves the client IP from the incoming authentication request and populates it in RSA Authentication Manager.

As a workaround, try the following:

1. Create an agent using the steps in Deploying an Authentication Agent That Uses the REST Protocol
2. Populate the agent with a logical IP address that the RSA Authentication Manager server can resolve.
3. Provide the agent name to all the REST agents and update /var/ace/conf/mfa_api.properties on the client machine with that information.
4. Users should now be able to log in to SSH using the REST mode without issue.

• The RSA Authentication Agent for PAM that is installed with UDP protocol as an operation method works when the user logs in through SSH.
• Nothing is observed in the RSA Authentication Manager authentication activity monitor during user authentication.
• The RSA Authentication Agent 8.0.x for PAM is installed on a supported platform.
• The RSA Authentication Agent 8.0.x for PAM is installed with REST protocol as an operation method, as shown in bold here: