This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Access Manager Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by RSA Access Manager experts.

RSA Access Manager Admin API application fails with ExpiredPasswordException

Article Number

000032318

Applies To

RSA Product Set:ClearTrust, Access Manager (AxM)
RSA Version/Condition: 6.2
 

Issue

Custom RSA Access Manager Admin API application fails with the following exception:

Caused by: sirrus.api.client.ExpiredPasswordException: Expired password (RC_EXPIRED_PASSWORD): Expired Password: NormalExpiration

The RSA Access Manager eserver.log (or lserver.log for the eserver) logs the following event:
 
sequence_number=235,2016-01-03 13:45:55:221 PST,conn=46,op=2,eventID=bd12406815e114434343369320279,messageID=101,ip=10.10.10.1,uname=<anonymous>,msg=Login,msgtype=READ,result=19,etime=3ms,role=Default Administrative Role,group=Default Administrative Group,user=administrator

Cause

This error message indicates that the password on the RSA Administrative user account used by the Admin API has expired.
 

Resolution

Reset the password on the RSA Access Manger administrative user account identified in the eserver.log message.   It is also recommended to extent the password lifetime of the administrative user account so that the error does not occur again. 

How you set the password lifetime depends on the type of datastore you are using for your users and how you have your password policies set.

If you are using the default RSA Access Manager user store (for example SunOne datastore or Oracle SQL), then your password policy is determined by RSA Access Manager and is configured in the Entitlements Manger under Administration, Password Policies.   The policy that is in effect is the one associated with the “Default Administrative Group”.   You can also set an explicit password expiration date that overrides the policy and for this user I would recommend that you do so.  That is done under “Manage users” by editing the “password expires”  date for this user specifically.

If you are not using RSA Access Manger for user and user password management, for example if your users are in an external Active Directory AD datastore, then the password expiration is managed by the underlying native user store itself.  For that you should consult your systems administrator to determine how to change the users password expiration date.  For Microsoft AD this is done in the MMC console. 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-13 07:41 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.