This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
mridulanainani
Beginner
Beginner
‎2017-05-11 07:05 AM

Exception unmarshalling type: java.lang.Class Exception: com.sun.xml.internal.bind.v2.ContextFactory

Jump to solution

While calling authapi-8.6.jar in EclipseJuno IDE , following error is coming for missing dependency .  Sample code run is successful , but call from mavenized environment issues is coming

 

[2017-04-04 20:14:50,939] FATAL http-/10.40.130.87:8080-5 - Exception unmarshalling type: java.lang.Class Exception: com.sun.xml.internal.bind.v2.ContextFactory

 

RSA API is downloaded from following : https://community.rsa.com/docs/DOC-53593

RSA SecurID Authentication Agent API 8.6 for Java

Dependency is called inside in  authapi-8.6.jar inside JAXB.properties

javax.xml.bind.context.factory=com.sun.xml.internal.bind.v2.ContextFactory

 

Request you to please provide solution
 Reference case no : 00966273

 

Labels (1)
Labels
authapi-8.6.jar
0 Likes
Reply
1 Solution

Accepted Solutions
TedBarbour
Employee
Employee
In response to mridulanainani
‎2017-05-16 11:09 AM

Jump to solution

Did you follow the Dev Guide instructions concerning java security policy files?

If you have already done this, I would recommend opening a support case to troubleshoot further.

 

Configure Message Key Negotiation

To configure message key negotiation, you must copy RSA JSafe jar files and download policy files to utilize the encryption and decryption functionalities of the JCE framework.

1.     From the <kit_root>/lib folder, copy certj-6.1.jar, sslj-6.1.0.1.jar, cryptojce-6.1.3.3.jar, cryptojcommon-6.1.3.3.jar, and jcmFIPS-6.1.3.3.jar to the following location.

o    <JAVA_HOME>/jre/lib/ext/

2.     Edit the <JAVA_HOME>/jre/lib/security/java.security file so that the two RSA security providers are listed first.

o    security.provider.1=com.rsa.jsafe.provider.JsafeJCE 
security.provider.2=com.rsa.jsse.JsseProvider

3.     To use the encryption and decryption functionalities of the JCE framework without any limitation, download the policy jar files for your Java virtual machine (JVM).

o    If you are using the Oracle JDK 1.6, download the JCE Unlimited Strength Jurisdiction Policy Files 6.

http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

o    If you are using the Oracle JDK 1.7 or OpenJDK 1.7, download the JCE Unlimited Strength Jurisdiction Policy Files 7.

http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

o    If you are using the Oracle JDK 1.8, download the JCE Unlimited Strength Jurisdiction Policy Files 8.

http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

4.     Unzip the policy jar files, and copy the unlimited policy files US_export_policy.jar and local_policy.jar to the lib/security folder of the JDK installation. For example:

o    <JAVA_HOME>/jre/lib/security directory

 

View solution in original post

Reply
7 Replies
TedBarbour
Employee
Employee
‎2017-05-11 11:11 AM

Jump to solution

Hi - can you provide the agent API debug log and the full stack trace? 

0 Likes
Reply
mridulanainani
Beginner
Beginner
In response to TedBarbour
‎2017-05-12 08:39 AM

Jump to solution

Dear Ted,

 

Dependency error was resolved by adding JAVA HOME JRE\LIB and LIB jars explicitly to build path of eclipse

Not Sure why explicitly JARS had to be added in Eclipse build path, Since compile time no error came and it referred JRE System library .

However for Build error we had to again add Jars to Build Path in Eclipse .

 

However following error is coming now :

 

ERROR http-/10.40.130.87:8080-4 - Error in processing Authn request: Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ERROR http-/10.40.130.87:8080-4 - Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 

 

Complete error stack :

 

INFO http-/10.40.130.87:8080-4 - {Realmconfig.updateVersionInfoFromSdconf} Sdconf length = 2780

DEBUG http-/10.40.130.87:8080-4 - set trusted CA from D:\jboss-eap-6.3\bin\Agents\Artifacts
Test IFD\root.cer

DEBUG http-/10.40.130.87:8080-4 - {AgentConfigHandler.updateBootStrapData} Its UPDATE_NOT_REQUIRED config response, let us not update LoadBalancing info

DEBUG http-/10.40.130.87:8080-4 - Added factory info for : com.rsa.authmgr.commonagent.xsd.bootstrap.AgentConfigurationType

INFO http-/10.40.130.87:8080-4 - {AgentConfigHandler.initializeConfig} using client-configured connect timeout: 60

INFO http-/10.40.130.87:8080-4 - {AgentConfigHandler.initializeConfig} using client-configured read timeout: 60

INFO http-/10.40.130.87:8080-4 - Invoking MessageKey Service to negotiate key

INFO http-/10.40.130.87:8080-4 - MaxRetry: 0 Total Servers: 1

DEBUG http-/10.40.130.87:8080-4 - Added JAXB context for : com.rsa.authmgr.commonagent.xsd.authn

DEBUG http-/10.40.130.87:8080-4 - Added factory info for : com.rsa.authmgr.commonagent.xsd.authn.AuthnRequestType

DEBUG http-/10.40.130.87:8080-4 - constructing client key negotiation context.

ERROR http-/10.40.130.87:8080-4 - Error in processing Authn request: Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ERROR http-/10.40.130.87:8080-4 - Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 

Tech Stack Used :

 

Java 1.7

Jboss 6.3

0 Likes
Reply
PiersB
Trusted Contributor Trusted Contributor
Trusted Contributor
‎2017-05-12 09:06 AM

Jump to solution

Hi Mridula,

Another option you might consider would be to look at the new RSA SecurID Authentication API. This is a REST-based interface available in AM 8.2 SP1 and is based on a OpenAPI interface specification. The OpenAPI interface specification is posted at DOC-71396 - RSA SecurID Authentication API Definition. This allows customers to generate client language bindings in a variety of different languages by importing the interface definitions (including Java!).

 

Note: RSA Authentication Manager AM 8.2 SP1 is required and the REST authentication service must be enabled in the System Settings interface.

Reply
TedBarbour
Employee
Employee
In response to mridulanainani
‎2017-05-12 10:03 AM

Jump to solution

Thanks for the information.  

What is the Authentication Manager version you are using?

Are you limited to using java 1.7 or could you use 1.8?

0 Likes
Reply
mridulanainani
Beginner
Beginner
In response to TedBarbour
‎2017-05-16 10:45 AM

Jump to solution

Dear Ted,

 

Thanks for your input , We have upgraded to Java 8 as suggested AM version

is 8.1 SP13 .

 

Error coming is , Request you to please guide for the same

 

 

19:28:51,103 INFO (http-/10.40.130.87:8080-1) [2017-05-16

19:28:51,103] DEBUG http-/10.40.130.87:8080-1 - constructing client key

negotiation context.

 

19:28:53,762 INFO (http-/10.40.130.87:8080-1) [2017-05-16

19:28:53,762] ERROR http-/10.40.130.87:8080-1 - Error in processing Authn

request: Cannot support TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA with currently

installed providers

 

19:28:53,762 ERROR

(http-/10.40.130.87:8080-1) Error in processing Authn request: Cannot

support TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA with currently installed

providers

19:28:53,763 INFO (http-/10.40.130.87:8080-1) [2017-05-16

19:28:53,763] ERROR http-/10.40.130.87:8080-1 - Error in initial

AuthnReq/Rsp for serverTime.Error in processing Authn request: Cannot

support TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA with currently installed

providers

 

19:28:53,763 ERROR

(http-/10.40.130.87:8080-1) Error in initial AuthnReq/Rsp for

serverTime.Error in processing Authn request: Cannot support

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA with currently installed providers

19:28:53,764 INFO (http-/10.40.130.87:8080-1) Can't create api:

com.rsa.authagent.authapi.AuthAgentException: Error in initial

AuthnReq/Rsp for serverTime.Error in processing Authn request: Cannot

support TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA with currently installed

providers

 

19:28:53,764 INFO (http-/10.40.130.87:8080-1)

 

19:28:53,765 ERROR (http-/10.40.130.87:8080-1)

com.rsa.authagent.authapi.AuthAgentException:

com.rsa.authagent.authapi.AuthAgentException: Error in initial

AuthnReq/Rsp for serverTime.Error in processing Authn request: Cannot

support TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA with currently installed

providers

 

Thanks and Regards

Mridula Nainani

0 Likes
Reply
TedBarbour
Employee
Employee
In response to mridulanainani
‎2017-05-16 11:09 AM

Jump to solution

Did you follow the Dev Guide instructions concerning java security policy files?

If you have already done this, I would recommend opening a support case to troubleshoot further.

 

Configure Message Key Negotiation

To configure message key negotiation, you must copy RSA JSafe jar files and download policy files to utilize the encryption and decryption functionalities of the JCE framework.

1.     From the <kit_root>/lib folder, copy certj-6.1.jar, sslj-6.1.0.1.jar, cryptojce-6.1.3.3.jar, cryptojcommon-6.1.3.3.jar, and jcmFIPS-6.1.3.3.jar to the following location.

o    <JAVA_HOME>/jre/lib/ext/

2.     Edit the <JAVA_HOME>/jre/lib/security/java.security file so that the two RSA security providers are listed first.

o    security.provider.1=com.rsa.jsafe.provider.JsafeJCE 
security.provider.2=com.rsa.jsse.JsseProvider

3.     To use the encryption and decryption functionalities of the JCE framework without any limitation, download the policy jar files for your Java virtual machine (JVM).

o    If you are using the Oracle JDK 1.6, download the JCE Unlimited Strength Jurisdiction Policy Files 6.

http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

o    If you are using the Oracle JDK 1.7 or OpenJDK 1.7, download the JCE Unlimited Strength Jurisdiction Policy Files 7.

http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

o    If you are using the Oracle JDK 1.8, download the JCE Unlimited Strength Jurisdiction Policy Files 8.

http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

4.     Unzip the policy jar files, and copy the unlimited policy files US_export_policy.jar and local_policy.jar to the lib/security folder of the JDK installation. For example:

o    <JAVA_HOME>/jre/lib/security directory

 

Reply
mridulanainani
Beginner
Beginner
In response to TedBarbour
‎2017-05-17 09:39 AM

Jump to solution

Thanks Ted issue is now resolved

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.