Article Number
000038445
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager SDK
RSA Version/Condition: 8.x
Issue
The following error displays after performing all steps in article
000034753 - Configure RSA Authentication Manager 8.x software developer kit (SDK):
ERROR: com.rsa.authn.AuthenticationCommandException: Access Denied
at com.rsa.authn.AuthenticatedTargetImpl.login(AuthenticatedTargetImpl.java:172)
at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:758)
at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:740)
at com.rsa.samples.admin.AdminAPIDemos.main(AdminAPIDemos.java:1373)
Cause
The error occurs for the following reasons:
- The Security Console administrator is not a member of the internal database, but rather, belongs to an external identity source.
- The user entered invalid Security Console login credentials, such as an invalid username or password.
Resolution
Create a super admin in the internal database
- Log in to the Security Console with a super admin user.
- Go to Identity > Users > Add New.
- Create a user by filling out all required fields and other details, if needed.
- Click Save.
- Go to Administration > Administrative Roles > Manage Existing.
- Scroll to SuperAdminRole and from the context arrow, select Assign More.
- Search for the new user created in step 3.
- Place a check in the box next to the user ID and click Assign to Role.
Submit the correct credentials into the SDK
If you are using the SDK sample code as discussed in
000034753 - Configure RSA Authentication Manager 8.x software developer kit (SDK), then the Program Arguments consists of three inputs, which are separated by spaces. The first input is the action (for example, create, assign, list-users, etc.). The second is the name of the new super admin created above. The third input is that user's password. For example,
[Program Arguments]
list-users superadmin P@55w0rd
Notes
Other than the sample code, the super admin username and password may be put into a different method depending on the code.