RSA Product Set: SecurID Access
RSA Product/Service Type: Identity Router
After completing steps to Enable RSA SecurID Token Users to Access Resources Protected by the Cloud Authentication Service
, the Identity Router > Authentication Manager connection fails. The following error is seen:
2019-11-08/16:29:28.607/UTC [pool-4-thread-11] ERROR com.rsa.authagent.authapi.v8.logger.b[?] - the current host is unknownde-sal-v-rir001: de-sal-v-rir001: Name or service not knownIDRHOSTNAME: IDRHOSTNAME: Name or service not known
2019-11-08/16:29:28.607/UTC [pool-4-thread-11] ERROR com.rsa.nga.sidproxy.SidAuthentication - Failed to verify session factory
com.rsa.authagent.authapi.AuthAgentException: com.rsa.authagent.authapi.AuthAgentException: the current host is unknownIDRHOSTNAME: IDRHOSTNAME: Name or service not knowndIDRHOSTNAME: IDRHOSTNAME: Name or service not known
Where, IDRHOSTNAME is the portal hostname of the IDR defined in step 8 of Add an Identity Router using the Cloud Administration Console.
This error shows that the IDR is not able to resolve its own portal hostname.Note
: the Identity Router's portal hostname FQDN can be viewed in either of two places:
- In the Cloud Administration Console Platform > Identity Routers page, select Edit on the Identity Router. The FQDN is in the Portal Hostname field.
- In the Identity Router's Setup Console, on the Network Settings page, under Protected Application Configuration. The FQDN is in the Identity Router HostName field.
The two fields that are listed above should have the same value.
Perform the following on all IDRs in your deployment:
- If the IDR has two NICs:
- If the IDR has a single NIC:
- Add a static DNS entry that maps the IDR's portal hostname to its interface IP address. Include both the portal hostname FQDN and shortname (separated by a space) as the alias value.
Adding a static DNS entry should be enough to resolve the issue; however, it should also be verified that there is an A record in DNS that maps the IDR's portal hostname to either:
- If the IDR has two NICs, use its own portal interface's IP address.
- If the IDR has a single NIC, use its own management interface's IP address.
These required tasks are listed in the document on how to Enable RSA SecurID Token Users to Access Resources Protected by the Cloud Authentication Service