Federated Identity Management Module 4.1
It was reported that there was a memory leak associated with FIMs use of log4j. This was caused by stranded references in hash table from improper use of NDC (Nested Diagnostic Classes) log4j class.
The org.apache.log4j.NDC logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/NDC.html) class is holding references to a lot of dead threads in Hashtable. NDC uses the current thread as key in this hashtable and a Stack as value. Elements are only removed from this hashtable trough the public call remove()
NDC use can lead to memory leaks if you do not periodically call the NDC.remove() method. The current NDC implementation maintains a static hard link to the thread for which it is storing context. So, when the thread is released by its creator, the NDC maintains the link and the thread (and its related memory) is not released and garbage collected like one might expect. NDC.remove() fixes this by periodically checking the threads referenced by NDC and releasing the references of "dead" threads.
This problem has been resolved in hotfix 4.1.0.21 for FIM 4.1 Please contact RSA Customer Support and request this hotfix. These hotfixes are cumulative.
Related Articles
Enterprise Manager Log settings: EM.log - log4j.xml Number of Views The audit.log is not logging to the proper location defined in the log4j.xml Number of Views Old connector Log4j files not removed in RSA Governance & Lifecycle Number of Views RSA Customer Advisory: Apache Vulnerability Log4j2 CVE-2021-44228 Number of Views How to turn off log4j errors at Thor Xellerate server startup Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
