Article Number
000029178
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1
Issue
The RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console. The following error was reported in the /opt/rsa/am/server/logs/radiusoc.log log file.
####<Dec 8, 2014 1:31:47 PM EST> <Error> <Security> <app81p> <radiusoc> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
<<WLS Kernel>> <> <> <1418005907269> <BEA-090870> <The realm "rsa" failed to be loaded: weblogic.security.service.SecurityServiceException:
com.bea.common.engine.ServiceInitializationException:
weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file
/opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException:
A failure occurred attempting to load
LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:466)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
at weblogic.security.SecurityService.start(SecurityService.java:148)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException:
A failure occurred attempting to load LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155)
at com.bea.security.css.CSS.getService(CSS.java:123)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:458)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:871)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
at weblogic.security.SecurityService.start(SecurityService.java:148)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file
/opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.
at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadFullLDIFTemplate(BootStrapServiceImpl.java:910)
at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFTemplate(BootStrapServiceImpl.java:688)
at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:178)
at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:162)
at com.bea.common.security.internal.service.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:109)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at com.sun.proxy.$Proxy7.loadLDIFXACMLAuthorizerTemplate(Unknown Source)
at com.bea.security.providers.xacml.store.AuthorizationPolicyStore.init(AuthorizationPolicyStore.java:81)
at com.bea.security.providers.xacml.store.DefaultPolicyStoreConfigurator.newPolicyStore(DefaultPolicyStoreConfigurator.java:22)
at weblogic.security.providers.xacml.authorization.PolicyDecisionPointFactory.getStore(PolicyDecisionPointFactory.java:265)
at weblogic.security.providers.xacml.authorization.PolicyDecisionPointFactory.getAuthorization(PolicyDecisionPointFactory.java:69)
at weblogic.security.providers.xacml.authorization.XACMLAuthorizationProviderImpl.initialize(XACMLAuthorizationProviderImpl.java:127)
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:60)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155)
at com.bea.security.css.CSS.getService(CSS.java:123)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:458)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:871)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
at weblogic.security.SecurityService.start(SecurityService.java:148)
Note that app81p is the short name of the Authentication Manager instance where this error was found.
Cause
An administrator was following the instructions from page 164 of the
RSA Authentication Manager 8.1 Administrator’s Guide to replace the console certificate via the Operations Console and the alias name used matched the short name of the Authentication Manager.
Resolution
Please contact
RSA Customer Support to seek assistance in removing the SSL server certificate(s) and/or Signer Certificate(s) from the appropriate certificate keystores used by the Authentication Manager software.
Refer to article number 000029178 after opening a support request with RSA Customer Support with your license information from the RSA Authentication Manager. The serial number for the license can be found in the Security Console under
Setup >
Licenses >
Status. Click
View Installed Licenses then click
License ID to display the serial number.
Workaround
Please do not use the Authentication Manager instance short name as the alias when replacing the console certificate.