After an upgrade to RSA Authentication Manager 8.4 patch 6 and upgrading the Java version on the Authentication Manager Integration Service (AMIS) server from JRE 1.7.0 to JRE 1.8.0_221, the Self-Service Portal (SSP) failed to generate the QR code for the token request/replacement.
The QR code image keeps spinning without generating the QR code.
The CTF conversion utility uses the Java random function, which results in a massive delay measured in minutes. Oracle has noted this performance issue when the random function is used as a cryptographically strong random number generator (RNG); the fix is given in the resolution steps below.
As per the logs:
- The header request API call sent from the AMIS server to the Authentication Manager server is not correct. It states that the distribution type of the token is CTF; however, it should be CTKIP.
- Below is the API call generated from the SSP request, found in the ssp_daily.log file, with the issue highlighted in red:
2019-10-10T06:29:22,001-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,start :: replaceNextToken
2019-10-10T06:29:22,001-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO , URL : http://localhost:8181/am8/token/replace/{tokenserial}/{newtokenserial}?newPinMode={booleanFlag}
2019-10-10T06:29:22,001-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO , URL Parameters : {tokenserial=000156522108, tokenType=software, booleanFlag=false}
2019-10-10T06:29:22,244-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,service result <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<serviceResult result="true">
<TokenSerialNumber>000156522080</TokenSerialNumber>
</serviceResult>
2019-10-10T06:29:22,245-0700,com.rsa.pso.selfservice.web.SSPHomeActionBean,?,INFO ,000156522108 got replaced with 000156522080
2019-10-10T06:29:22,252-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,start :: updateToken
2019-10-10T06:29:22,252-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,Header value 22818430
2019-10-10T06:29:22,252-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO , URL : http://localhost:8181/am8/token/update/
2019-10-10T06:29:22,258-0700,com.rsa.pso.selfservice.securid.AMISClientServiceImp,?,INFO ,Token Entry :<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<tokenEntry>
<algorithm>time</algorithm>
<deviceType>ims.000000000000000000002001f0050028</deviceType>
<distribution CTF="false">
<QR background="16777215" foreground="0" size="220"/>
<STDID copyProtected="false" distributionType="ctf" passwordProtect="NoPassword" regenerateTokenCode="false">
<CTFExpirationMinutes>15</CTFExpirationMinutes>
</STDID>
</distribution>
<enabled>true</enabled>
<interval>60</interval>
<pin requirePintAtNextLogin="false"/>
<properties clearValues="false">
<property name="DeviceSerialNumber" value=""/>
</properties>
<tokenCodeLength>8</tokenCodeLength>
</tokenEntry>
- As per the Prime AMIS Developer's Guide, the request for CTKIP should look like the snippet shown below. The header below does not contain the distribution type CTF, which is the error in the above request.
<tokenEntry>
<enabled>true</enabled>
<distribution>
<QR size="200" />
<CTKIP deviceFamilyName="iPhone" />
</distribution>
<deviceType>ims.000000000000000000002001f0050022</deviceType>
<algorithm>time</algorithm>
<tokenCodeLength>8</tokenCodeLength>
<interval>60</interval>
<properties clearValues="false">
<property name="DeviceSerialNumber" value="556f1985-33dd-442c-9155-3a0e994f21b1" />
</properties>
<pin requirePintAtNextLogin="false" action="nothing" pinType="passcode" />
</tokenEntry>
Below are the steps to resolve the issue by editing the java.security file:
- Navigate to JRE_HOME/lib/security/.
- Edit the java.security file using a text editor:
vi java.security
- Search for securerandom.source. In vi, press the Escape key, then type a forward slash followed by the text string:
/securerandom.source
- Change the line from securerandom.source=file:/dev/random to:
securerandom.source=file:/dev/./urandom
- Stop and start all Tomcat services for AMIS and SSP.
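The edit in the steps above as a script, added here as an example (it is not from the original article): it reads the active securerandom.source value, backs up java.security, and changes file:/dev/random to file:/dev/./urandom only when that is the current value. The function names and the .bak backup suffix are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Function names and the ".bak" suffix are hypothetical choices.

# Print the active (uncommented) securerandom.source value; empty if none.
# If the key appears more than once, the last occurrence is reported.
get_securerandom_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Change file:/dev/random to file:/dev/./urandom in the given java.security.
# Returns 0 if changed or already set, 1 on I/O error, 2 on an unexpected value.
fix_securerandom() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    cur=$(get_securerandom_source "$f")
    case "$cur" in
        file:/dev/./urandom) echo "already set in $f"; return 0 ;;
        file:/dev/random) ;;
        *) echo "unexpected value '$cur' in $f, file left untouched" >&2; return 2 ;;
    esac
    # Keep a copy of the original, then rewrite in place so the file keeps
    # its owner and permissions. Comment lines are not matched.
    cp -p "$f" "$f.bak" || return 1
    sed 's|^\([[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*\)file:/dev/random[[:space:]]*$|\1file:/dev/./urandom|' \
        "$f.bak" > "$f" || return 1
    # Confirm the result before reporting success.
    [ "$(get_securerandom_source "$f")" = "file:/dev/./urandom" ]
}

# Stand-alone use: sh fix_securerandom.sh "$JRE_HOME/lib/security/java.security"
if [ "$#" -gt 0 ]; then
    fix_securerandom "$1"
fi
```

The Tomcat services for AMIS and SSP still have to be stopped and started afterwards, as in the last step.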