Skip to main content

RSA Authentication Manager SDK (Java Admin API)

If you experience any errors:

  • Verify that Java version 1.5.x 32-bit is installed correctly when targeting RSA Authentication Manager 7.1, including registry settings.

  • Verify that Java version 1.5.x is in the path environment for psadmin, and it is the first version of Java in the path when targeting RSA Authentication Manager 7.1.

  • Verify that Java version 1.6.x, 1.7.x, or 1.8.x 64-bit is installed correctly when targeting RSA Authentication Manager 8.x, including registry settings and is the version that is specified for the target system address.

  • Verify that the non-SSL or SSL server URL is specified correctly for t3 or t3s as well as for the correct server name and port number.

  • Ensure that the agent directory contains the agtjava.class file.

    If the agtjava.class file is:

    • Present in the agent directory, then agtrsaam uses the version of Java defined in the .class file. However, if the defined version of Java cannot be found, then this problem is written to the idmsuite.log file.

    • Missing from the agent directory, then agtrsaam tries to use the CurrentVersion of Java, which is defined in the registry. However, if Java is not installed, then this problem is written to the idmsuite.log file.

  • Ensure that the target system address is set correctly for the intended realm or security domain as well as sub-domains. Check that the Security Domain has been set for the SecurID tokens on the RSA Authentication Manager server that will be used both for listing existing users as well as for listing unassigned tokens.

When running auto-discovery you may find the following error messages in the logs:

Info: Failed to lookup principal.
Info: Unable to find any principals for token [<token_number>] issue
      [non-existent principal] -- unexpected rsa integrity constraint
      issue when listing assigned tokens.

I

Check the target system’s list file in the \<instance>\psconfig\ directory for any token entries that are missing all user attributes and have the short id set to the token number.

If this is the case, you may have an orphaned SecurID token. This may occur if a user ID becomes invalid or is missing but the token is still assigned.

This is possible if a user is from an alternate identity source and they are removed from that source (such as from Active Directory for example). This causes the token to then be orphaned and assigned to <Unknown> in the RSA Security Console.

In this case, other error messages may also appear when attempting to manage a token:

Warning: Cannot find any principals for uid(<Unknown>).
Warning: Failed to find the resource!
Warning: Failed to list the user's attributes.

In this case, the token will need to be unassigned from the <Unknown> user from the RSA Authentication Manager 7.1/8.2 server before it will be available for assignment again.

The following are possible Java error messages that may be encountered during the configuration of the RSA Authentication Manager 7.1/8.2 target. For each error message, a suggested solution is provided.

  • java.io.IOException: Empty server reply; No available router to destination

    Ensure that t3 is specified for non-SSL or t3s for SSL for the server URL in the target system address.

  • javax.naming.ServiceUnavailableException

    Ensure that the server name has been specified correctly for the server URL in the target system address.

  • javax.naming.CommunicationException Destination unreachable; nested exception is: java.net. ConnectException: Connection refused: connect; No available router to destination

    Ensure that the port number has been specified correctly for the server URL in the target system address.

  • Destination unreachable; nested exception is: javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination

    Ensure that the certificate keystore file (example: trust.jks) has been generated correctly.

  • java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

    Ensure that the specified path to the certificate keystore file (example: trust.jks) in the target system address is valid.

  • java.lang.NoClassDefFoundError

    Ensure that the path for RSA API path has been specified correctly in the target system address.

  • javax.ejb.EJBAccessException: [EJB:010160]Security violation: User <anonymous> has insufficient permission

    Ensure that the command client credentials have been specified correctly for the RSA Authentication Manager 7.1/8.2 target and that the System password checkbox has been checked.

  • java.lang.RuntimeException: Exception occurred while reading the license file

    Ensure that the license.bea file has been somewhere copied into the path defined for RSA API path in the target system address. It might also indicate that the directory for the RSA API path is either incorrect or has inadequate permissions.

In this section: