This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Self Service Console Login Fails with the Authenticate Tokencode after Upgrading the Authentication Manager V8.5 or Later

Article Number

000068062

Applies To

RSA Product Set: SecurID Access
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.5 and above

Issue

After upgrading the Authentication Manager to V8.5 and the deployment was already connected to the Cloud Authentication Service, logging in to the Self Service Console fails. 

The System Activity Monitor shows 'Identity Router not reachable' errors, despite a successful AM-to-Cloud connection in the Security Console. 

/opt/rsa/am/server/logs/imsTrace.log logs the below error: 
java.net.UnknownHostException: identityrouter.rsa-securid.com: Name or service not known
Note: The Identity Router's hostname (shown in red) could vary from one deployment to another.


 

Cause

If you upgraded Authentication Manager to version 8.5 and your deployment was already connected to the Cloud Authentication Service, you must re-connect in order to use some version 8.5 features, such as the embedded identity router and High Availability Tokencodes. To re-establish your connection, see Edit the Cloud Authentication Service Connection.

The issue here is that the AM-to-Cloud connection in Authentication Manager versions prior to 8.5 was established from the Operations Console. After upgrading to V8.5, this connection setting needs to be removed/disabled before establishing the AM-to-Cloud connection from the Security Console.

Resolution

  1. Login to the Operations Console
  2. Navigate to Deployment Configuration
  3. Click on RSA SecurID Authenticate App.
  4. Uncheck the 'Allow authentication using Authenticate Tokencodes' checkbox. 
  5. Re-establish a new connection from the Authentication Manager to the Cloud Authentication Service. Click here for the instructions to do so. 
Tags (55)
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2023-01-16 03:22 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.