This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
TimMeader
New Contributor
New Contributor
ā€Ž2022-06-03 03:33 AM

Authentication Agent 8.0.5 for Apache not working (RHEL 8.6)

Has anyone else been successful getting the RSA Auth Agent for Apache to start-up properly on RHEL 8.6? We're trying to migrate from CentOS 7.9, but on the rebuild on RHEL 8.6, RSA Auth Agent is always showing the following errors at startup (from the Apache error_log):

-----

Error can't connect to ACE/Server

start child 13669
rpc_server 13668 started by 13658
grep RSALogoffCookieService /proc/*/cmdline | sed 's/\/cmdline.*\/proc\// /g' | sed 's/\/cmdline.*/ /' | sed 's/.*\/proc\// /' | sort -u
Error can't connect to ACE/Server
grep RSALogoffCookieService /proc/*/cmdline | sed 's/\/cmdline.*\/proc\// /g' | sed 's/\/cmdline.*/ /' | sed 's/.*\/proc\// /' | sort -u
[Fri Jun 03 07:23:25.537248 2022] [suexec:notice] [pid 13658] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AceShutdown try to kill process 13668
signal 15 received

Error can't connect to ACE/Server

start child 13696
rpc_server 13695 started by 13658
grep RSALogoffCookieService /proc/*/cmdline | sed 's/\/cmdline.*\/proc\// /g' | sed 's/\/cmdline.*/ /' | sed 's/.*\/proc\// /' | sort -u
Error can't connect to ACE/Server
[Fri Jun 03 07:23:25.609265 2022] [http2:warn] [pid 13658] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Fri Jun 03 07:23:25.612804 2022] [mpm_prefork:notice] [pid 13658] AH00163: Apache/2.4.37 mod_rsawebagent/8.0.5[033] OpenSSL/1.1.1k configured -- resuming normal operations
[Fri Jun 03 07:23:25.612826 2022] [core:notice] [pid 13658] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

---

Things are setup completely according to the directions in the 8.0 Installation and Configuration guide, but we're always seeing these errors at apache startup. For some reason it appears unable to connect to the server? When you try to load the site itself, the message displayed in the browser is:

106: The Web server is busy. Please try again later.

The permissions and files (under the /var/ace directory) are identical to the working configuration that we had on CentOS 7.9. I've made sure that UDP is being used with the USEUDP_ENV_VAR=true environment var. I've tried both prefork and event mpm models for Apache. Of course, we don't see the rpc errors when using the mpm_event module in Apache, but the 106:xxxx error on the webpage itself is the same.

 

Also tried setting the RSATRACELEVEL and RSATRACEDEST environment variables to try and get some more informative logging... but these appear to have no effect (no logs are ever appearing)?

After quite a few hours fighting with this, I'm at a loss. Hoping someone might have some ideas.  Thanks in advance.

0 Likes
Reply
3 Replies
RobertG
Frequent Contributor Frequent Contributor
Frequent Contributor
ā€Ž2022-06-07 06:51 PM

Hello Tim,

Please be advised that the Apache Web Agent is not currently supported on RHEL 8.6. Please see the "Hardware and Operating System Requirements" section in the "RSA Authentication Agent 8.0 for Web for Apache Web Server Installation and Configuration Guide" here for what the supported operating systems are: https://community.securid.com/t5/securid-authentication-agent-for/rsa-authentication-agent-8-0-for-web-for-apache-web-server/ta-p/564511

Additionally, the release notes specific to the 8.0.5 version of the Apache Web Agent can be found here: https://community.securid.com/t5/securid-authentication-agent-for/rsa-authentication-agent-8-0-5-for-web-for-apache-release-notes/ta-p/585267 

Are you able to try using the Apache Web Agent on a supported operating system?

0 Likes
Reply
TimMeader
New Contributor
New Contributor
In response to RobertG
ā€Ž2022-12-14 10:18 PM

Are there ANY plans to create a version of RSA Auth Agent for Apache that supports the current versions of RHEL 8.x? We (and I can't imagine any other corporation using the Auth Agent) aren't allowed to keep our servers on a now ancient version of RHEL 8 (the current version is now 6 releases past the version "supported" by RSA) simply to support security software. This seems very counterintuitive.

If the Auth Agent for Apache has been abandoned, please let us know so that we can move away from the product and seek out something else for secure authentication.

Note: Auth Agent for Apache 8.0.6 was released since I originally posted this question. However, this does not resolve the issue.

0 Likes
Reply
RobertG
Frequent Contributor Frequent Contributor
Frequent Contributor
In response to TimMeader
ā€Ž2022-12-15 04:39 PM

Hello Tim,

There is currently an open request internally for our engineering team to qualify the Authentication Agent for Apache Web Server on newer versions of RHEL 8.x and 9.x, so it is on their radar, though I do not have a timeline to provide. For reference, the internal ticket number is AAAPC-559. I've added your comments to the internal ticket. I also recommend reaching out to your RSA account representative to push for this qualification and for more details about the product roadmap.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.