The following error message displays in the RSA Authentication Manager Integration Service (AMIS) am8.log when authenticating to either the RSA Authentication Manager Help Desk Admin Portal (HDAP) or Self-Service Portal (SSP). The HDAP or SSP interface loops back to the login screen:
userAuthn completes in 89008ms. Result: (false) Message:
Could not access HTTP invoker remote service at [/ims-ws/httpinvoker/CommandServer];
nested exception is org.apache.commons.httpclient.HttpException:
Did not receive successful HTTP response:
status code = 401, status message = [Unauthorized]
The RSA Authentication Manager Command API Client User ID and Password that are entered in the AMIS configuration are incorrect. This causes RSA Authentication Manager Prime Kit to fail when accessing the HTTP Command Server.
Retrieve the Command API Client User ID and Password from the RSA Authentication Manager primary instance and correct the values in the AMIS configuration files.
Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.
During Quick Setup, another username may have been selected. Use that username to log in.
Go to /opt/rsa/am/utils:
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system user password>
Last login: Tue Apr 7 13:47:05 2020 from 192.168.11.19
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@testam84p:~> cd /opt/rsa/am/utils
Run the following command to retrieve the Command API Client User ID and Password (these values are different in each deployment):
rsaadmin@testam84p:/opt/rsa/am/utils> ./rsautil manage-secrets --action list
Please enter OC Administrator username: <enter the name of an Operations Console administrator>
Please enter OC Administrator password: <enter the password for the Operations Console administrator>
Secrets stored in ./etc/systemfields.properties.
Command API Client User ID ............................: CmdClient_06q3iicq
Command API Client User Password ......................: V5KNLLjnJD81NyRfzi7L71xKV0towQ
SSL Server Identity Certificate Private Key Password ..: bOyxnV032yVRMQWnFftb4fNG7xq9VP
SSL Server Identity Certificate Keystore File Password : UVPAsZhN4eWyh1pb3RSAY3MgIUtZNL
Root Certificate Private Key Password .................: djLvIilLRqDNZfwgkVc9ZgTLBQrAX6
Root Certificate Keystore File Password ...............: Ttw14wO6zVzCatRLrYHDS9nkPKfYnl
The "listkeys" action displays the key names to use when setting the values.
Log in to the RSA Authentication Manager Prime server CLI.
Open the <Primekit_installation_directory>/configs/amis/tomcat-amis/setenv.sh.
Populate the retrieved values as shown in the bolded sections.
The RSA Authentication Manager Prime Kit installation directory will differ from one environment to the other. The administrator should be aware of the installation directory. The subdirectories and file names will not change.
Restarting the service steps will differ from one environment to the other. The administrator should know how to restart a certain service in their environment.