After upgrading the Authentication Manager to V8.5 and the deployment was already connected to the Cloud Authentication Service, logging in to the Self Service Console fails.
The System Activity Monitor shows 'Identity Router not reachable' errors, despite a successful AM-to-Cloud connection in the Security Console.
/opt/rsa/am/server/logs/imsTrace.log logs the below error:
java.net.UnknownHostException: identityrouter.rsa-securid.com: Name or service not known
Note: The Identity Router's hostname (shown in red) could vary from one deployment to another.
If you upgraded Authentication Manager to version 8.5 and your deployment was already connected to the Cloud Authentication Service, you must re-connect in order to use some version 8.5 features, such as the embedded identity router and High Availability Tokencodes. To re-establish your connection, see
Edit the Cloud Authentication Service Connection.
The issue here is that the AM-to-Cloud connection in Authentication Manager versions prior to 8.5 was established from the Operations Console. After upgrading to V8.5,
this connection setting needs to be removed/disabled before establishing the AM-to-Cloud connection from the Security Console.