After setting up the RSA SecurID Authentication Agent API 8.5 the following message is seen in the log file:
Can't create api: com.rsa.authagent.authapi.AuthAgentException: Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: Could not generate DH keypair com.rsa.authagent.authapi.AuthAgentException: com.rsa.authagent.authapi.AuthAgentException: Error in initial AuthnReq/Rsp for serverTime.Error in processing Authn request: Could not generate DH keypair
at com.rsa.authagent.authapi.AuthSessionFactory.a(AuthSessionFactory.java)
at com.rsa.authagent.authapi.AuthSessionFactory.getInstance(AuthSessionFactory.java)
at sample.AuthUser.<init>(AuthUser.java:32) at sample.AuthUser.main(AuthUser.java:62)
RSA SecurID Authentication Agent API 8.5 sample code setup on a Linux platform:
- A folder called /sandbox was created on the Linux platform under a user account
- Download the Java Development Kit (JDK) 7. Unpack into the /sandbox/java folder.
- The Java Cryptography Extension (JCE) is required by the RSA SecurID Authentication Agent API 8.5.
- Rename /sandbox/java/jdk1.7.0/jre/lib/security/US_export_policy.jar and /sandbox/java/jdk1.7.0/jre/lib/security/local_policy.jar files to have a new extension of OLD.
- The new JCE US_export_policy.jar and local_policy.jar files were copied into the /sandbox/java/jdk1.7.0/jre/lib/security folder.
- Missing step 5 causes the issue above. A change is required in the <JDKHOME>/jre/lib/security/java.security file to include the RSA JCE and JSSE providers. Updated the list of providers in the /sandbox/java/jdk1.7.0/jre/lib/security/java.security file as shown:
…
…
…
#
# List of providers and their preference orders (see above): #
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=com.rsa.jsse.JsseProvider
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=com.sun.crypto.provider.SunJCE
security.provider.8=sun.security.jgss.SunProvider
security.provider.9=com.sun.security.sasl.Provider
security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI security.provider.11=sun.security.smartcardio.SunPCSC
#
#
Select the source of seed data for SecureRandom.
By default an
…
…
…
- Download the RSA SecurID Authentication Agent API 8.5.
- Copy the AuthSDK_Java_v8.5.0_1148_03_28_14_07_05_15.tar file into the /sandbox/java and unpacked this file with the tar xvf command:
tar xvf AuthSDK_Java_v8.5.0_1148_03_28_14_07_05_15.tar).
- A folder called /sandbox/agentAPI85test is created. Three new folders are created in the /sandbox/agentAPI85test folder:
- code. In readiness for the compiled Java (class files location)
- sample. Copied AceStatus.java, AuthUser.java, build.xml, NewPinSession.java & NextCodeSession.java and the io subfolder with ConsoleIO.java
- lib. Copied authapi-8.5.jar, commons-logging-1.1.1.jar, cryptoj-6.1.jar, log4j-1.2.12rsa-1.jar & xmlsec-1.5.5.jar into this folder
The example below shows the files in their folder locations:
[root@linux agentAPI85test]# ls -l
total 14544
drwxr-xr-x 6 bellm1 bellm1 4096 Mar 28 2014 AuthSDK_Java_v8.5.0_1148_03_28_14_07_05_15
-rw-r--r-- 1 bellm1 bellm1 14812160 Nov 18 12:31 AuthSDK_Java_v8.5.0_1148_03_28_14_07_05_15.tar
drwxr-xr-x 3 bellm1 bellm1 4096 Nov 18 17:16 code
-rwxrwxr-x 1 bellm1 bellm1 749 Nov 18 14:41 compile.sh
drwxr-xr-x 2 bellm1 bellm1 4096 Nov 18 12:33 lib
-rw-rw-r-- 1 bellm1 bellm1 16688 Nov 18 17:54 my_api_events.log
-rwxr-xr-x 1 bellm1 bellm1 3053 Nov 18 17:45 rsa_api.properties
-rwxr-xr-x 1 bellm1 bellm1 291 Nov 18 17:19 rsa_api.properties.OLD
-rwxr-xr-x 1 bellm1 bellm1 486 Nov 18 17:07 run.sh
drwxr-xr-x 3 bellm1 bellm1 4096 Nov 18 17:21 sample
-rwxr-xr-x 1 bellm1 bellm1 2759 Nov 18 12:42 sdconf.rec
[root@linux agentAPI85test]# cd lib
[root@linux lib]# ls -l
total 3476
-rwxr-xr-x 1 bellm1 bellm1 390024 Nov 18 12:33 authapi-8.5.jar
-rwxr-xr-x 1 bellm1 bellm1 60686 Nov 18 12:33 commons-logging-1.1.1.jar
-rwxr-xr-x 1 bellm1 bellm1 2105145 Nov 18 12:33 cryptoj-6.1.jar
-rwxr-xr-x 1 bellm1 bellm1 333059 Nov 18 12:33 log4j-1.2.12rsa-1.jar
-rwxr-xr-x 1 bellm1 bellm1 639055 Nov 18 12:33 xmlsec-1.5.5.jar
[root@linux lib]# cd ../sample
[root@linux sample]# ls -l
total 36
-rwxr-xr-x 1 bellm1 bellm1 600 Nov 18 12:34 AceStatus.java
-rwxr-xr-x 1 bellm1 bellm1 5207 Nov 18 12:34 AuthUser.java
-rwxr-xr-x 1 bellm1 bellm1 4616 Nov 18 12:34 build.xml
drwxrwxrwx 2 bellm1 bellm1 4096 Nov 18 13:11 io
-rwxr-xr-x 1 bellm1 bellm1 5714 Nov 18 12:34 NewPinSession.java
-rwxr-xr-x 1 bellm1 bellm1 812 Nov 18 12:34 NextCodeSession.java
[root@linux sample]#
- Copy the sdconf.rec and rsa_api.properties into the /sandbox/agentAPI85test folder. The configuration file sdconf.rec can be downloaded from the Security Console > Access > Authentication Agents > Generate Configuration File.
An example copy of rsa_api.properties:
# RSA Authentication API v8.5 Properties
# Configuring the rsa_api.properties file is optional.You can configure an agent name
# and the location of the sdconf.rec file. If you do not configure an agent name, the
# host name becomes the agent name.If you do not configure location for bootstrap.xml
# and config.xml,the files will reside in the sdconf.rec location.
#Note: For windows,"\\" has to be used as a path separator.
# Provide the Agent Name - default value is FQDN of authentication host RSA_AGENT_NAME=RSA_AUTHSDK_AGENT
# Provide the Agent Type - default value is 'UnKnown'
#RSA_AGENT_TYPE=RSA_WEB_AGENT
# Provide the Agent Version - default value is 'UnKnown'
#RSA_AGENT_VERSION = 7.1
# Provide the Agent Platform - default value is 'UnKnown'
#RSA_AGENT_PLATFORM = Windows_Server_2012
# Path to sdconf.rec file
# For Windows, C:\\WINDOWS\\system32\\sdconf.rec
# For Unix, /var/ace/api/sdconf.rec SDCONF_LOC=/sandbox/agentAPI85test/sdconf.rec
# Path to the Authentication Manager optional configuration file
# For Windows,C:\\WINDOWS\\system32\\sdopts.rec
# For unix,/usr/ace/api/sdopts.rec SDOPTS_LOC=/sandbox/agentAPI85test/sdopts.rec
# Location of the Authentication Manager node secret file(Agent Credential)
# For Windows,C:\\WINDOWS\\system32\\securid
# For Unix, /var/adm/ace/api/securid SDNDSCRT_LOC=/sandbox/agentAPI85test/securid
# [This section is for event logger.]
# Logs event messages to the console.
# Possible values YES/NO [Default "NO"], Valid only if RSA_LOG_LEVEL is not set to OFF. RSA_LOG_TO_CONSOLE=NO
# Logs event messages to a file.
# Possible values YES/NO [Default "YES"], Valid only if RSA_LOG_LEVEL is not set to OFF.
RSA_LOG_TO_FILE=YES
# Name of the log file. Valid only if RSA_LOG_TO_FILE is set to YES.
# For Windows, C:\\WINDOWS\\system32\\my_api_events.log
# For Unix, /var/ace/api/my_api_events.log RSA_LOG_FILE=/sandbox/agentAPI85test/my_api_events.log
# Minimum severity level allowed to log.
# OFF, DEBUG, INFO, WARN, ERROR, or FATAL, The default value is INFO.
RSA_LOG_LEVEL=INFO
# Maximum size the Log file is allowed RSA_LOG_FILE_SIZE=1MB
# Number of backup log files to maintain RSA_LOG_FILE_COUNT=10
# Connection timeout for server connection in seconds. Default value will be taken from config.xml RSA_CONNECTION_TIMEOUT=60
# Read timeout for server connection in seconds. Default value will be taken from config.xml RSA_READ_TIMEOUT=60
# Directory in which AgentName specific configuration files are stored such as config.xml,bootstrap.xml,root.cer
# For windows, C:\\Agents\\Artifacts\\
# For Unix, /var/api/securid/artifacts/ RSA_CONFIG_DATA_LOC=
# The default encryption key wrapping algorithm list. Format: <ALG>/<KEYBYTES>
# Note that currently AES-128(AES/16) is preferable to either AES-192(AES/24) or AES-256(AES/32).
RSA_ENC_ALGLIST=AES/16,AES/24,AES/32
- In the /sandbox/agentAPI85test folder two shell scripts are created called compile.sh and run.sh. Comment out the echo lines to remove the system variables being displayed during usage. Leaving the echo lines in the two shell scripts will aid towards troubleshooting problems with the shell script.
compile.sh
JDK_HOME=/sandbox/java/jdk1.7.0
echo $JDK_HOME
LIBDIR=./lib
echo $LIBDIR
CLASSPATH=$LIBDIR/authapi-8.5.jar
CLASSPATH=$CLASSPATH:$LIBDIR/commons-logging-1.1.1.jar
CLASSPATH=$CLASSPATH:$LIBDIR/cryptoj-6.1.jar
CLASSPATH=$CLASSPATH:$LIBDIR/log4j-1.2.12rsa-1.jar
CLASSPATH=$CLASSPATH:$LIBDIR/xmlsec-1.5.5.jar
CLASSPATH=$CLASSPATH:./code
echo $CLASSPATH
$JDK_HOME/bin/javac -classpath $CLASSPATH -d ./code ./sample/io/ConsoleIO.java
$JDK_HOME/bin/javac -classpath $CLASSPATH -d ./code ./sample/NewPinSession.java
$JDK_HOME/bin/javac -classpath $CLASSPATH -d ./code ./sample/NextCodeSession.java
$JDK_HOME/bin/javac -classpath $CLASSPATH -d ./code ./sample/AceStatus.java
$JDK_HOME/bin/javac -classpath $CLASSPATH -d ./code ./sample/AuthUser.java
run.sh
AVA_HOME=/sandbox/java/jdk1.7.0/jre/bin
echo $JAVA_HOME
LIBDIR=./lib
echo
$LIBDIR
CLASSPATH=$CLASSPATH:$LIBDIR/authapi-8.5.jar
CLASSPATH=$CLASSPATH:$LIBDIR/commons-logging-1.1.1.jar
CLASSPATH=$CLASSPATH:$LIBDIR/cryptoj-6.1.jar
CLASSPATH=$CLASSPATH:$LIBDIR/log4j-1.2.12rsa-1.jar
CLASSPATH=$CLASSPATH:$LIBDIR/xmlsec-1.5.5.jar
CLASSPATH=$CLASSPATH:./code
echo $CLASSPATH
$JAVA_HOME/java -classpath $CLASSPATH sample.AuthUser
#$JAVA_HOME/java -classpath $CLASSPATH sample.AceStatus
#Comment out the sample.AuthUser line and uncomment sample.AceStatus (depending on requirements)
- Running the compile.sh shell script places the class files into the code folder
[bellm1@linux agentAPI85test]$ ./compile.sh
/sandbox/java/jdk1.7.0
./lib
./lib/authapi-8.5.jar:./lib/commons-logging-1.1.1.jar:./lib/cryptoj-6.1.jar:./lib/log4j-1.2.12rsa-1.jar:./lib/xmlsec-1.5.5.jar:./code
[bellm1@linux agentAPI85test]
An example showing the file and folder structure for /sandbox/agentAPI85test/code folder after the compile:
[bellm1@linux code]$ ls -lR
.:
total 4
drwxrwxr-x 3 bellm1 bellm1 4096 Nov 18 17:16 sample
./sample:
total 20
-rw-rw-r-- 1 bellm1 bellm1 708 Nov 18 18:33 AceStatus.class
-rw-rw-r-- 1 bellm1 bellm1 3293 Nov 18 18:33 AuthUser.class
drwxrwxr-x 2 bellm1 bellm1 4096 Nov 18 17:16 io
-rw-rw-r-- 1 bellm1 bellm1 3441 Nov 18 18:33 NewPinSession.class
-rw-rw-r-- 1 bellm1 bellm1 733 Nov 18 18:33 NextCodeSession.class
./sample/io:
total 4
-rw-rw-r-- 1 bellm1 bellm1 1729 Nov 18 18:33 ConsoleIO.class
[bellm1@linux code]$
Running the run.sh shell script
[bellm1@linux agentAPI85test]$ ./run.sh
/sandbox/java/jdk1.7.0/jre/bin
./lib
:./lib/authapi-8.5.jar:./lib/commons-logging-1.1.1.jar:./lib/cryptoj-6.1.jar:./lib/log4j-1.2.12rsa-1.jar:./lib/xmlsec-1.5.5.jar:./code
Non-validating Trust Manager (Accepts all servers)
Can't create api: com.rsa.authagent.authapi.AuthAgentException: Exception processing configuration data Exception processing configuration data Agent RSA_AUTHSDK_AGENT is not registered on the server
com.rsa.authagent.authapi.AuthAgentException: com.rsa.authagent.authapi.AuthAgentException: Exception processing configuration data Exception processing configuration data Agent RSA_AUTHSDK_AGENT is not registered on the server
at com.rsa.authagent.authapi.AuthSessionFactory.a(AuthSessionFactory.java)
at com.rsa.authagent.authapi.AuthSessionFactory.getInstance(AuthSessionFactory.java)
at sample.AuthUser.<init>(AuthUser.java:32)
at sample.AuthUser.main(AuthUser.java:62)
[bellm1@linux agentAPI85test]$
- The Authentication Agent record has not been added to the Authentication Manager primary instance Security Console. The error “Can't create api: com.rsa.authagent.authapi.AuthAgentException: Exception processing configuration data Exception processing configuration data Agent RSA_AUTHSDK_AGENT is not registered on the server” is expected as the sample code has reached out to the Authentication Manager and not found an authentication agent host called RSA_AUTHSDK_AGENT listed (as defined by the rsa_api.properties file).
- After setting up an Authentication Agent record called RSA_AUTHSDK_AGENT in the Authentication Manager primary instance Security Console the following output is seen:
[root@linux agentAPI85test]# ./run.sh
/sandbox/java/jdk1.7.0/jre/bin
./lib
:./lib/authapi-8.5.jar:./lib/commons-logging-1.1.1.jar:./lib/cryptoj-6.1.jar:./lib/log4j-1.2.12rsa-1.jar:./lib/xmlsec-1.5.5.jar:./code
Username: rsatest
Passcode: 12345678
Passcode Accepted
Authentication successful
Continue? [y/n] n
[root@linux agentAPI85test]#
- Log information from the configured log file my_api_events.log where INFO data was captured:
successful[2014-11-19 15:55:12,459] FATAL main - RSA Authentication API for Java v8.5.0.0.0[1148] started
[2014-11-19 15:55:12,462] INFO main - /sandbox/agentAPI85test/sdopts.rec doesn't exist
[2014-11-19 15:55:12,462] INFO main - /sandbox/agentAPI85test/securid doesn't exist
[2014-11-19 15:55:12,670] INFO main - {AgentCryptoJProvider.getJSafeType} CryptoJ.jar is in classpath, using that to invoke Non-FIPS version of JSafe functions
[2014-11-19 15:56:06,881] INFO main - {AuthSessionFactory} Initializing Configuration data
[2014-11-19 15:58:13,204] INFO main - {setServerLoadBalanceInfo} dynamic (response time based) load balancer selected
[2014-11-19 15:58:13,204] INFO main - RSA_CONFIG_DATA_LOC not set, defaulting to current directory
[2014-11-19 15:58:13,208] INFO main - Updating the retry count to totalServers-1
[2014-11-19 15:58:13,208] INFO main - MaxRetry: 0 Total Servers: 1
[2014-11-19 15:58:13,516] INFO main - isDNSScanEnabled:false
[2014-11-19 15:58:13,519] INFO main - isDNSScanEnabled:false
[2014-11-19 15:58:13,520] INFO main - isDNSScanEnabled:false
[2014-11-19 15:58:13,521] INFO main - {Realmconfig.updateVersionInfoFromSdconf} Sdconf length = 2759
[2014-11-19 15:58:13,541] INFO main - {AgentConfigHandler::processLoadBalancingSettings}Dynamic Load balancing chosen
[2014-11-19 15:58:13,541] INFO main - {AgentConfigHandler.enumerateServerList} Resolving host: lisa.csau.ap.rsa.net
[2014-11-19 15:58:13,541] INFO main - {AgentConfigHandler.enumerateServerList} adding address: 10.32.27.33
[2014-11-19 15:58:13,542] INFO main - {AgentConfigHandler.enumerateServerList} Resolving host: marge.csau.ap.rsa.net
[2014-11-19 15:58:13,542] INFO main - {AgentConfigHandler.enumerateServerList} adding address: 10.32.27.39
[2014-11-19 15:58:13,542] INFO main - {AgentConfigHandler.enumerateServerList} Resolving host: homer.csau.ap.rsa.net
[2014-11-19 15:58:13,542] INFO main - {AgentConfigHandler.enumerateServerList} adding address: 10.32.27.38
[2014-11-19 15:58:13,542] INFO main - {AgentConfigHandler::processLoadBalancingSettings}Enumerating Avoid hostnames list
[2014-11-19 15:59:38,163] INFO main - {setServerLoadBalanceInfo} dynamic (response time based) load balancer selected
[2014-11-19 15:59:38,163] INFO main - MaxRetry: 2 Total Servers: 3
[2014-11-19 15:59:38,186] INFO main - Connection object: ServerConnection [ serviceType=CONFIG, serviceURL=http://10.32.27.39:5500/Services/ConfigService, conn=null]
[2014-11-19 15:59:38,266] INFO main - isDNSScanEnabled:false
[2014-11-19 15:59:38,268] INFO main - isDNSScanEnabled:false
[2014-11-19 15:59:38,269] INFO main - isDNSScanEnabled:false
[2014-11-19 15:59:38,270] INFO main - {Realmconfig.updateVersionInfoFromSdconf} Sdconf length = 2759
[2014-11-19 15:59:38,283] WARN main - Connection timeout value in rsa_api.properties is invalid, using the default value
[2014-11-19 15:59:38,284] INFO main - {AgentConfigHandler.initializeConfig} using server-configured connect timeout: 10
[2014-11-19 15:59:38,284] INFO main - {AgentConfigHandler.initializeConfig} using client-configured read timeout: 60
[2014-11-19 15:59:38,284] INFO main - {AuthSessionFactory} Invoking MessageKey Service to negotiate key
[2014-11-19 16:00:14,940] INFO main - MaxRetry: 2 Total Servers: 3
[2014-11-19 16:00:15,693] INFO main - MaxRetry: 2 Total Servers: 3
[2014-11-19 16:00:15,699] INFO main - staring key negotiation. Connection: ServerConnection [ serviceType=MSGKEY, serviceURL=http://10.32.27.38:5500/Services/MessageKeyService, conn=null]
[2014-11-19 16:00:16,311] INFO main - key negotiation complete. KID=d2191d3d261b200a1b1824f3d9050ceb-1acddd90a5895083 Expires: Thu Nov 20 00:00:16 EST 2014
[2014-11-19 16:00:16,379] INFO main - processRequest: AUTHN
[2014-11-19 16:00:16,420] INFO main - {AgentAuthnHandler.processAuthnRequest} authnResponse is <?xml version="1.0" encoding="UTF-8" standalone="yes"?><authn:AuthnResponse InResponseTo="05f62cd22abcf084" ID="2113e13a6ba28ff1" xmlns:gen="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication-generic" xmlns:xmime="http://www.w3.org/2005/05/xmlmime" xmlns:authn="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication" xmlns:ws-i18n="http://www.w3.org/2005/09/ws-i18n" xmlns:stat="http://www.rsa.com/schemas/2008/05/CommonAPI/status"><authn:Status Status="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication/status/Continue"/><authn:MethodChoice><authn:Method ID="4c3b2f723da50dc8" Class="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication/classes/Generic" Type="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication/methods/OTP"><authn:Payload xsi:type="gen:ResponsePayloadType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><gen:Subject ID="12459785-f882-4aef-9168-2829eae50642"><gen:Label>User ID:</gen:Label></gen:Subject><gen:StaticText>RSA SecurID Authentication</gen:StaticText><gen:EditText MaxLength="128" Masked="true" ID="B2E9FC5F-8001-4874-9F4F-67056B637F22"><gen:Label>Passcode:</gen:Label></gen:EditText></authn:Payload></authn:Method><authn:Method ID="b8bbf96cf42aa1aa" Class="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication/classes/EAP" Type="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication/methods/EAP32"><authn:Payload xsi:type="gen:ResponsePayloadType" ns7:MaxIterationCount="2000" ns7:MinPepperLength="1" ns7:MaxPepperLength="2" ns7:MinIterationCount="1000" ns7:RealmID="vlvhWoGQRsC4kgg5931AZg==" xmlns:ns7="eap" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/></authn:Method></authn:MethodChoice><authn:Attributes><authn:Attribute DataType="xs:string" AttributeType="ServerTime"><authn:AttributeValue>1416373216414</authn:AttributeValue></authn:Attribute></authn:Attributes></authn:AuthnResponse>
[2014-11-19 16:00:16,432] INFO main - {Ace8Session} Server selected for Authentication: http://10.32.27.38:5500/Services/AuthnService
[2014-11-19 16:02:01,680] INFO main - MaxRetry: 2 Total Servers: 3
[2014-11-19 16:02:01,692] INFO main - processRequest: AUTHN
[2014-11-19 16:02:01,737] INFO main - {processAuthnRequest} authnResponse is <?xml version="1.0" encoding="UTF-8" standalone="yes"?><authn:AuthnResponse InResponseTo="adebcf162f0eb71f" ID="9dabadbc427b6200" xmlns:gen="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication-generic" xmlns:xmime="http://www.w3.org/2005/05/xmlmime" xmlns:authn="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication" xmlns:ws-i18n="http://www.w3.org/2005/09/ws-i18n" xmlns:stat="http://www.rsa.com/schemas/2008/05/CommonAPI/status"><authn:Status Reason="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication/reasons/OK" Status="http://www.rsa.com/schemas/2008/05/CommonAPI/authentication/status/Complete"><stat:Message>Authentication Succeeded</stat:Message></authn:Status><authn:RequestContext ID="ae0d94577e7bdf40"/><authn:ResponseContext/><authn:Attributes><authn:Attribute DataType="xs:string" AttributeType="UserShell"><authn:AttributeValue></authn:AttributeValue></authn:Attribute></authn:Attributes></authn:AuthnResponse>
[2014-11-19 16:02:01,739] INFO main - {processAuthnRequest} ID verfications passed
NOTE: marge.csau.ap.rsa.net, homer.csau.ap.rsa.net and lisa.csau.ap.rsa.net are Authentication Manager instances (where marge.csau.ap.rsa.net is the primary instance)
- After the first successful authentication a new folder called RSA_AUTHSDK_AGENT appears in the /sandbox/agentAPI85test folder.mmContents of the /sandbox/agentAPI85test/RSA_AUTHSDK_AGENT folder:
[bellm1@linux RSA_AUTHSDK_AGENT]$ ls -l
total 20
-rw-r--r-- 1 root root 1904 Nov 19 15:38 bootstrap.xml
-rw-r--r-- 1 root root 1904 Nov 19 12:42 bootstrap.xml_backup
-rw-rw-r-- 1 bellm1 bellm1 5336 Nov 19 08:34 config.xml
-rw-rw-r-- 1 bellm1 bellm1 922 Nov 19 08:34 root.cer
[bellm1@linux RSA_AUTHSDK_AGENT]$