Article Number
000038116
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Agent for Web: Apache
RSA Version/Condition: 8.0.x
Issue
RSA Authentication Agent for Web: Apache Web Server is installed on a Red Hat Enterprise Linux (RHEL) server. An authentication attempt using the acetest utility fails with the following error in the real-time authentication activity monitor:
TRANSACTION_ROLLBACK
Cause
The authentication request is coming from an invalid IP address. The agent record on the RSA Authentication Manager server was configured with one IP address, and the request is coming from another IP address.
Also, the acestatus output showed a Server Active Address of 0.0.0.0154.236, which indicates a corrupt sdconf.rec file.
Resolution
1. Connect to the Security Console for the primary RSA Authentication Manager server.
2. Navigate to Access > Authentication Agents > Generate Configuration File and download the AMconfig.zip.
3. Extract the sdconf.rec file from the .zip.
4. Replace the existing sdconf.rec file on the Apache server with the one extracted above.
5. Run the command acestatus and ensure that the correct primary server IP address is displayed.
6. From the primary's Security Console, navigate to Access > Authentication Agents > Manage Existing and locate the agent that is having the issue.
7. Click the context arrow next to the agent name and choose Delete.
8. Open a real-time authentication activity monitor (Reports > Real Time Monitors > Authentication Activity Monitor) and press Start Monitor.
9. Perform the authentication using acetest. Notice the message in the real-time authentication activity monitor and note the IP address:
   Agent host not found n.n.n.n
10. Navigate to Access > Authentication Agents > Add New.
11. Recreate the agent record in the Security Console using the IP address noted in Step 9 above.
12. On the Apache web server, edit the sdopts.rec file to add the CLIENT_IP value in the format below. Replace the n.n.n.n value with the IP address in Step 9:
   CLIENT_IP=n.n.n.n
13. Perform authentication using acetest. Authentication will be successful.
14. Restart the Apache web server.
15. Perform the authentication on the web page to confirm.
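The acestatus check and the CLIENT_IP edit described above can be verified with a small script. This is an added example, not RSA code: it assumes the acestatus output has been saved to a text file, relies only on the "Server Active Address:" line quoted in this article, and uses constructed sample files and a documentation-range address.

```shell
#!/bin/sh
# Added example (not RSA code): sanity checks for the two values this article inspects.

# is_ipv4 ADDR: succeed only for a well-formed dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# field_value PREFIX FILE: print the token that follows PREFIX on each matching line.
field_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*\([^[:space:]]*\).*/\1/p" "$2"
}

# check_agent_config ACESTATUS_OUTPUT SDOPTS_REC: return 0 only if every
# "Server Active Address:" value and the CLIENT_IP override are valid IPv4.
check_agent_config() {
    rc_check=0
    servers=$(field_value 'Server Active Address:' "$1")
    while IFS= read -r addr; do
        if is_ipv4 "$addr"; then echo "OK: server address $addr"
        else echo "FAIL: server address '$addr' missing or malformed (replace sdconf.rec)"; rc_check=1
        fi
    done <<EOF
$servers
EOF
    client=$(field_value 'CLIENT_IP=' "$2" | tail -n 1)
    if is_ipv4 "$client"; then echo "OK: CLIENT_IP=$client"
    else echo "FAIL: CLIENT_IP missing or malformed in $2"; rc_check=1
    fi
    return "$rc_check"
}

# Constructed sample: the corrupt address line quoted in this article and an
# sdopts.rec holding a documentation-range address (192.0.2.10 is a placeholder).
sample_dir=$(mktemp -d)
printf 'Server Active Address: 0.0.0.0154.236\n' > "$sample_dir/acestatus.txt"
printf 'CLIENT_IP=192.0.2.10\n' > "$sample_dir/sdopts.rec"
check_agent_config "$sample_dir/acestatus.txt" "$sample_dir/sdopts.rec" || echo "agent configuration needs attention"
rm -rf "$sample_dir"
```

The script only validates address syntax; whether CLIENT_IP matches the agent record is still confirmed by the "Agent host not found" message in the activity monitor.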