This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

User password not saved when password integration is implemented with RSA Authentication Agent for Citrix StoreFront when logging with Risk Based Authentication in RSA Authentication Manager 8.4

Article Number

000038036

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0

Issue

RSA Authentication Manager does not save the user password when password integration is implemented with RSA Authentication Agent for Citrix StoreFront, when logging into StoreFront with Risk Based Authentication. User experiences password prompt repeatedly.

Enable verbose logging on RSA Authentication Manager and perform a RBA authentication.
You will notice below errors in opt/rsa/am/server/logs/imsTrace.log.

2019-04-11 10:58:56,440, [OARequestHandler1], (DataObjectAccessSql.java:552), trace.com.rsa.authmgr.internal.admin.common.dal.sql.DataObjectAccessSql, ERROR, sprsaam.saintpetersuh.com,,,,failed to lookup domain object of class:class com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by GUID:e4263e071500cb0a1b2f26efd6e2c7a6
2019-04-11 10:58:56,441, [OARequestHandler1], (OAProcessor.java:1), trace.com.rsa.authmgr.internal.oa.engine.OAProcessor, WARN, sprsaam.saintpetersuh.com,,,,Unexpected exception during processing: PW_UPDATE_NOT_ALLOWED
com.rsa.authmgr.internal.oa.OAException: User 'venjbeverly' or agent '10.200.48.46' could not be found.
  at com.rsa.authmgr.internal.oa.engine.PasswordProcessor$1.doOperation(PasswordProcessor.java:14)
  at com.rsa.authmgr.internal.oa.engine.db.OACallback.doInTransaction(OACallback.java:5)
  at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:131)
  at com.rsa.authmgr.internal.oa.engine.db.DBUtil.doInTransaction(DBUtil.java:13)
  at com.rsa.authmgr.internal.oa.engine.PasswordProcessor.doRun(PasswordProcessor.java:13)
  at com.rsa.authmgr.internal.oa.engine.OAProcessor.run(OAProcessor.java:47)
  at com.rsa.authmgr.internal.oa.RequestReceiver.a(RequestReceiver.java:45)
  at com.rsa.authmgr.internal.oa.RequestReceiver$1.run(RequestReceiver.java:4)
  at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:80)
  at com.rsa.security.SecurityContext.doAs(SecurityContext.java:412)
  at com.rsa.authmgr.internal.oa.RequestReceiver.handleConnection(RequestReceiver.java:98)
  at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerTask.run(TCPServer.java:689)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  at java.lang.Thread.run(Thread.java:748)
  at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerThread.run(TCPServer.java:764)
2019-04-11 10:58:56,442, [OARequestHandler1], (RequestReceiver.java:44), trace.com.rsa.authmgr.internal.oa.RequestReceiver, ERROR, sprsaam.saintpetersuh.com,,,,Error handling OA request
com.rsa.authmgr.internal.oa.OAException: User 'venjbeverly' or agent '10.200.48.46' could not be found.
  at com.rsa.authmgr.internal.oa.engine.PasswordProcessor$1.doOperation(PasswordProcessor.java:14)
  at com.rsa.authmgr.internal.oa.engine.db.OACallback.doInTransaction(OACallback.java:5) 

Cause

This issue has been reported in defect AM-33846 (RSA Authentication Manager does not save the user password when password integration is implemented with RSA Authentication Agent for Citrix StoreFront, when logging into StoreFront with Risk Based Authentication).

Resolution

This issue has been resolved in RSA Authentication Manager 8.4 patch 4. However, password integration works for only users added in Authentication Manager after installing the patch. Users existing in the database prior to installing patch 4 will still continue to experience the password prompt though the password integration is enabled when logged in with Risk Based Authentication. The workaround for users existing prior to the installation of patch 4 is to edit a user record and save it. That will create the additional space to save the password in RSA Authentication Manager. 

To do this,
  1. Login to the Security Console on the primary.
  2. Navigate to Identity > Users > Manage Existing.
  3. Search for your user(s).
  4. From the context arrow, click Edit.
  5. Without making changes, click Save.

Workaround

After assigning the user an RBA token,
  1. Click the user name again. 
  2. In the drop down menu click User Authentication Settings.
  3. Put a check in Clear cached copy of selected user's Windows credentials then click Save.

Doing this creates the additional user data in the am_principal table and password integration works. Simply, if a user record is edited and closed it also helps.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 01:56 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.