This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

AMIS AM Prime Unable to create/add user account from HDAP portal

Article Number

000039503

Applies To

RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1, 8.x
Platform (Other): AMIS 1.3

Issue

Authentication Manager, AM Prime aka AMIS unable to create or add a new user in the Help Desk Administration Portal, HDAP, with error thrown from Server Status: 405
Image descriptionImage description
There is some unexpected issue with the server. Status: 504 Please check if the server is accessible.

AMIS logs
===hdap.log===
ERROR com.rsa.pso.lap.springbeans.AMISClientServiceImp - Exception :: AMISClientServiceImp.getIdentitySources() :: /java.lang.NullPointerException
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception while creating user/com.rsa.pso.exception.ServiceException
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception occurred sending status code 500/com.rsa.pso.exception.ServiceException
DEBUG com.rsa.pso.util.LAPUtils - Action /am71/user/createUser is protected by permission user:create
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception occurred sending status code 401/java.lang.Exception

===claimfilter===
ERROR com.emc.rsa.pso.amis.service.claimFilter - unable to validate token 22697441
INFO com.emc.rsa.pso.amis.service.claimFilter - Returning unauthorized.
INFO com.emc.rsa.pso.amis.service.claimFilter - Loading claim set
INFO com.emc.rsa.pso.amis.service.claimFilter - Session token : RSA_AUTHENTICATION_TOKEN was not found in session.

 

Cause

The root cause of the issue is an enhancement that is done to add Driver Statistics in AMIS in May 2020 with Changelist ID 1304761.
Sample Response after AMIS May 2020 ChangeList ID 1304761:

<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<serviceResult result="true">
<driverStatistics maxAllocTime="1857" maxReleastTime="0" maxThreadCount="1" totalAllocTime="1857" totalReleaseTime="0" totalRequests="1" />
</serviceResult>
 

Resolution

Need to update the am8.war files using the build from 04-Dec-2020

Steps to follow:
  1. Copy am8.war to Prime SSP servers.
  2. Stop AMIS service - WinServices Apache AMIS
  3. cd to ~/primekit/tomcat/tomcat-amis/work/
  4. From within dir above "rm -rf Catalina" or "rename Catalina"
  5. cd to ~/primekit/tomcat/tomcat-amis/webapps/
  6. Rename am8.war to .old_repl_tok extension
  7. (rename or) "rm -rf auth/ am8/ workflow/ rsa-endpoints/" from webapps repeat for other directories too: auth, am8, and workflow
  8. Copy the new am8.war to ~/primekit/tomcat/tomcat-amis/webapps/.
  9. Start AMIS

Should not need to reset permissions script 3_reset_perms.bat in Windows.
 

Workaround

Work-around is to add Users to the Security Console.

Notes

See Jira PSSSP-778 - Help Desk Admin Portal @Ernst&Young CreateUser fails after Microsoft Windows Security update.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-02-17 02:02 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.