AMIS AM Prime Unable to create/add user account from HDAP portal
2 years ago
Originally Published: 2020-12-18
Article Number
000044507
Applies To
RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1, 8.x
Platform (Other): AMIS 1.3
Issue
Authentication Manager, AM Prime aka AMIS unable to create or add a new user in the Help Desk Administration Portal, HDAP, with error thrown from Server Status: 405
HDAP_Status_405
There is some unexpected issue with the server. Status: 504 Please check if the server is accessible.

AMIS logs
===hdap.log===
ERROR com.rsa.pso.lap.springbeans.AMISClientServiceImp - Exception :: AMISClientServiceImp.getIdentitySources() :: /java.lang.NullPointerException
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception while creating user/com.rsa.pso.exception.ServiceException
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception occurred sending status code 500/com.rsa.pso.exception.ServiceException
DEBUG com.rsa.pso.util.LAPUtils - Action /am71/user/createUser is protected by permission user:create
ERROR com.rsa.pso.lap.web.SearchActionBean - Exception occurred sending status code 401/java.lang.Exception

===claimfilter===
ERROR com.emc.rsa.pso.amis.service.claimFilter - unable to validate token 22697441
INFO com.emc.rsa.pso.amis.service.claimFilter - Returning unauthorized.
INFO com.emc.rsa.pso.amis.service.claimFilter - Loading claim set
INFO com.emc.rsa.pso.amis.service.claimFilter - Session token : RSA_AUTHENTICATION_TOKEN was not found in session.

 
Cause
The root cause of the issue is an enhancement that is done to add Driver Statistics in AMIS in May 2020 with Changelist ID 1304761.
Sample Response after AMIS May 2020 ChangeList ID 1304761:

<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<serviceResult result="true">
<driverStatistics maxAllocTime="1857" maxReleastTime="0" maxThreadCount="1" totalAllocTime="1857" totalReleaseTime="0" totalRequests="1" />
</serviceResult>
 
Resolution
Need to update the am8.war files using the build from 04-Dec-2020

Steps to follow:
  1. Copy am8.war to Prime SSP servers.
  2. Stop AMIS service - WinServices Apache AMIS
  3. cd to ~/primekit/tomcat/tomcat-amis/work/
  4. From within dir above "rm -rf Catalina" or "rename Catalina"
  5. cd to ~/primekit/tomcat/tomcat-amis/webapps/
  6. Rename am8.war to .old_repl_tok extension
  7. (rename or) "rm -rf auth/ am8/ workflow/ rsa-endpoints/" from webapps repeat for other directories too: auth, am8, and workflow
  8. Copy the new am8.war to ~/primekit/tomcat/tomcat-amis/webapps/.
  9. Start AMIS

Should not need to reset permissions script 3_reset_perms.bat in Windows.
 
Workaround
Work-around is to add Users to the Security Console.
Notes
See Jira PSSSP-778 - Help Desk Admin Portal @<customer> CreateUser fails after Microsoft Windows Security update.

Related Articles

Trending Articles

Don't see what you're looking for?