Article Number
000029179
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
A super admin is unable to delete an external identity source that is no longer used in the deployment. The following error is seen when deleting the external identity source from the primary Operations Console (Deployment Configuration > Identity Sources > Manage Existing. Click the identity source you want to delete and from the context menu, click Delete):
There was a problem processing your request. To delete an identity source, you must do the following:
- Unlink the identity source if it is linked to the system
- Schedule the 'Identity Sources Cleanup Job' batch job, and confirm that the job ran successfully.
(This job removes identity source references from the internal database.)
The following error is in the /opt/rsa/am/server/logs/imsOCTrace.log:
@@@2014-12-04 09:22:35,909, [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'],
(EJBRemoteTargetBase.java:178), trace.com.rsa.command.EJBRemoteTargetBase, ERROR, rsa01.staff.xyz.com,,,,
Exception during command execution.
com.rsa.command.exception.ObjectInUseException: Cannot delete an identity source with registered users and groups
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_1211_WLStub.executeCommand
(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at com.sun.proxy.$Proxy72.executeCommand(Unknown Source)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:251)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:1)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51)
at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:167)
at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:297)
at com.rsa.admin.DeleteIdentitySourceCommand.execute(DeleteIdentitySourceCommand.java:122)
at com.rsa.ims.common.operationsconsole.utils.CommandUtil.executeIMSCommand(CommandUtil.java:178)
at com.rsa.ims.web.operationsconsole.action.handler.IdentitySourceHandler.delete
(IdentitySourceHandler.java:524)
at com.rsa.ims.web.operationsconsole.action.IdentitySourceWizardConnectionAction.delete
(IdentitySourceWizardConnectionAction.java:565)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:266)
at com.rsa.ui.common.struts.action.RSABaseDispatchAction.execute(RSABaseDispatchAction.java:180)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:413)
at com.rsa.ui.common.util.RSAWebRequestProcessor.process(RSAWebRequestProcessor.java:220)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:751)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:242)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:216)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:132)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:352)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ui.common.filter.I18NFilter.doFilter(I18NFilter.java:96)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ui.common.security.csrf.CSRFFilter.doFilterInternal(CSRFFilter.java:166)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ui.common.filter.UrlValidationFilter.doFilter(UrlValidationFilter.java:133)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCIMSSignOnFilter$1.run
(CommonOCIMSSignOnFilter.java:179)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCIMSSignOnFilter.doFilter
(CommonOCIMSSignOnFilter.java:176)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at com.rsa.ims.common.operationsconsole.security.filter.CommonOCSignOnFilter.doFilter
(CommonOCSignOnFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun
(WebAppServletContext.java:3288)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run
(WebAppServletContext.java:3254)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2163)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2089)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2074)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1512)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run
(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
The super admin had already unlinked the identity source from the realm before attempting to delete it.
Cause
The super admin cannot delete an identity source because users and groups have registered references in the RSA Authentication Manager database. The existing identity sources may have been migrated from an RSA Authentication Manager 7.1 deployment and are no longer needed.
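To confirm this cause from the trace log rather than from the console message, the following added example (not RSA code) parses imsOCTrace.log entries and reports delete attempts rejected with ObjectInUseException. It assumes the entry layout seen in the excerpt above; the function names and the sample log text are constructed for illustration.

```python
import re

# Constructed sample modelled on the excerpt above: the INFO entry is invented
# and the stack frames are abridged.
SAMPLE_LOG = """\
@@@2014-12-04 09:21:10,101, [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'],
(SampleHandler.java:10), trace.com.example.sample, INFO, rsa01.staff.xyz.com,,,,
Constructed informational entry.
@@@2014-12-04 09:22:35,909, [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'],
(EJBRemoteTargetBase.java:178), trace.com.rsa.command.EJBRemoteTargetBase, ERROR, rsa01.staff.xyz.com,,,,
Exception during command execution.
com.rsa.command.exception.ObjectInUseException: Cannot delete an identity source with registered users and groups
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:297)
at com.rsa.admin.DeleteIdentitySourceCommand.execute(DeleteIdentitySourceCommand.java:122)
"""

# Assumed layout: @@@timestamp, [thread], (source), logger, LEVEL, host,,,, message
HEADER = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}),\s*"
    r"\[(?P<thread>.*?)\],\s*\((?P<source>[^)]*)\),\s*"
    r"(?P<logger>[^,\s]+),\s*(?P<level>[A-Z]+),\s*(?P<host>[^,\s]*)",
    re.S,
)
EXCEPTION = re.compile(r"^(?P<cls>[\w.$]+(?:Exception|Error)): (?P<msg>.*)$", re.M)
FRAME = re.compile(r"^\s*at ([\w.$<>]+)", re.M)

def parse_entries(text):
    entries = []
    for chunk in text.split("@@@")[1:]:  # every entry starts with the @@@ marker
        m = HEADER.match(chunk)
        if not m:
            continue  # skip anything that does not look like an entry header
        exc = EXCEPTION.search(chunk, m.end())
        entries.append({**m.groupdict(),
                        "exception": exc.group("cls") if exc else None,
                        "message": exc.group("msg").strip() if exc else None,
                        "frames": FRAME.findall(chunk, m.end())})
    return entries

def find_blocked_deletes(text):
    # ERROR entries where DeleteIdentitySourceCommand failed with ObjectInUseException.
    return [
        (e["ts"], e["host"], e["message"])
        for e in parse_entries(text)
        if e["level"] == "ERROR"
        and (e["exception"] or "").endswith("ObjectInUseException")
        and any("DeleteIdentitySourceCommand" in f for f in e["frames"])
    ]
```

To check a real deployment, pass the contents of /opt/rsa/am/server/logs/imsOCTrace.log to `find_blocked_deletes` instead of `SAMPLE_LOG`.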
Resolution
Run the cleanup after either adding a new identity source or editing the existing one to use a User Base Distinguished Name (DN) in the same AD tree where the Organisational Unit (OU) has no reference to objects with an objectClass of 'user'.
- For example, the existing identity source is similar to what is shown here:
Identity Source: Junior Staff
User Base DN: OU=Junior Users,DC=Staff,DC=XYZ,DC=COM
Group Base DN: OU=Junior Groups,DC=Staff,DC=XYZ,DC=COM
- Create a new identity source named TestRemove, with the User Base DN and Group Base DN as shown:
User Base DN: OU=Empty Users,DC=Staff,DC=XYZ,DC=COM
Group Base DN: OU=Empty Groups,DC=Staff,DC=XYZ,DC=COM
- Link TestRemove in the Security Console under Setup > Identity Sources > Link Identity Source to System.
- Navigate to Setup > Identity Sources > Cleanup Unresolvable Users and run the job to clean up unresolvable users against the identity source configured with the grace period set to Disabled.
- After the cleanup runs, confirm that it succeeded.
- Unlink the identity source.
- Attempt to delete the identity source from the Operations Console (Deployment Configuration > Identity Sources > Manage Existing. Click the identity source you want to delete and from the context menu, click Delete). This should remove the problematic identity source from use within the system.
- Repeat the steps above for any other external Identity Source you wish to delete.