AnsweredAssumed Answered

Connecting AM 8.2 SP1 to the cloud authentication service

Question asked by JOHN MILLER on May 11, 2017
Latest reply on Jul 28, 2017 by Erica Chalfin

Like • Show 0 Likes0
Comment • 7

Hi,

I am trying to connect my AM8.2 sp1 deployment to the Access portal/IDR. On page 17 of the "Integrating the cloud authentication service and RSA authentication manager" it asks you to upload the IDR root certificate. I do not have a copy of this. Is there a way to obtain this from the web portal or the IDR?

Below is a snippet of the instructions:

"5. In the Access ID and Access Key fields, enter the information that the Cloud Authentication Service administrator provided for the identity router API.

6. In the Identity Router Root Certificate field, click Browse and select the certificate that Authentication Manager requires to trust the Cloud Authentication Service deployment. Only .cer certificates in DER or PEM format are supported.

7. Click Test Connection. If the connection test fails, you can edit the fields, select a new certificate, clear the Authenticate App checkbox to make the Identity Router Connection Settings fields unavailable, or click Cancel to exit the page without saving any changes."

Thank you,

John

No one else has this question

Outcomes

7 Replies

Ted Barbour May 11, 2017 3:44 PM
Mark Correct
Correct Answer
Hi John - if you are the administrator of your SecurID Access system you would have uploaded this certificate to the Administration Console's Company Settings and published out to your IDR(s).
If you do not have direct access to the file you can obtain it by browsing to your portal login page (https://your-portal-name/WebPortal/ )
- With Chrome (for example) you then need to enable the Developer Tools and go to the Security tab.
- Click on the View certificate button.
- Click on the Certification Path tab
- Click on the top certificate in the path (this will be the root certificate) and then the View Certificate button
- Click on the Details tab and the Copy to File button
- In the Certificate Wizard set the Export File Format to Base-64 encoded and choose a file name to export to.
Although the details may differ, you can follow a similar process with other browser types.
Like • Show 0 Likes0
Actions
- JOHN MILLER @ Ted Barbour on May 12, 2017 10:34 AM
  Mark Correct
  Correct Answer
  Thanks for the quick reply Ted.
  
  I followed your instructions and copied the cert. When I try to test the connection I get an error:
  
  "Unexpected error occurred. Check the Authentication Manager log files for more information."
  
  When I check the log files it's ERROR 16042 Unexpected exception caught
  
  Administrator “SYSTEM” attempted to execute command “com.rsa.authmgr.integration.access.internal.command.RemoteAuthenticatorTestConnectionCommand”
  
  The details are:
  "
  java.lang.NullPointerException, at com.rsa.authmgr.integration.access.internal.command.RemoteAuthenticatorTestConnectionCommand.performExecute(RemoteAuthenticatorTestConnectionCommand.java:48), at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119), at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1), at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:256), at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:933), at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1), at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113), at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439), at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445), at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373), at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89), at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.__WL_invoke(Unknown Source), at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:34), at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source), at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source), at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:701), at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:231), at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:527), at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363), at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146), at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:523), at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118), at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311), at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
  "
  
  So it's an NullPointerException. Is there something I can check?
  
  Thanks,
  John
  Like • Show 0 Likes0
  Actions
  - Ted Barbour @ JOHN MILLER on May 12, 2017 12:32 PM
    Mark Correct
    Correct Answer
    Hi John - that's not an error I've seen so I'm not sure if it will be possible to troubleshoot via this forum. You may want to open a support case.
    
    Have you verified all of your configuration steps (enable IDR API access, defined static route(s), updated AM hosts file, correctly configured Authenticate App fields in the Ops Console)?
    Like • Show 0 Likes0
    Actions
Alex Everling Jul 26, 2017 6:02 AM
Mark Correct
Correct Answer
I have the same problem did you solved it ?
Like • Show 0 Likes0
Actions
- JOHN MILLER @ Alex Everling on Jul 26, 2017 9:37 AM
  Mark Correct
  Correct Answer
  Hi Alex, it was something with the cert. I used a different one and it worked. I didn't troubleshoot it any further.
  Like • Show 0 Likes0
  Actions
- Ted Barbour @ Alex Everling on Jul 26, 2017 10:16 AM
  Mark Correct
  Correct Answer
  Hi Alex - are you following steps outlined in https://community.rsa.com/docs/DOC-75842?
  Again, may be impossible to troubleshoot via the forum but any additional information you can provide about your configuration thus far might be helpful.
  
  Ted
  Like • Show 0 Likes0
  Actions
- Erica Chalfin @ Alex Everling on Jul 28, 2017 9:09 AM
  Mark Correct
  Correct Answer
  Alex Everling,
  
  As Ted Barbour recommended, if you are still not up and running pleaseHow to contact RSA Customer Support and open a case so you can work directly with an engineer.
  Like • Show 0 Likes0
  Actions