Radius Authentication Failure after upgrading to 8.6 and above with UTF-8 Error seen in radius logs
2 years ago
Article Number
000067891
Applies To
RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.6.x , 8.7 
Issue
After updating the authentication manager from 8.5 to 8.6, A migration from SBR Radius to Free Radius Occurred. Authentication Failures  can be seen happening on some radius clients with the following error seen:

Error: rlm_perl: Exception when calling rsa_securid_mfa_call: Exception in rsa_securid_mfa_first_step_process_initialize when calling UserApi->initialize: malformed UTF-8 character in JSON string, at character offset 449 (before "\x{b0}\\u0004?\x{80}...") at /opt/rsa/am/radius/raddb/mods-config/perl/rsaMFA/Object/Initialize.pm line 96.

This can be found in the radius logs using this command:
vi /opt/rsa/am/radius/radius.log
Cause
The issue can be reproduced due to these two steps:

1- The support of invalid non-ASCII characters is not present in 8.6 or 8.6 P1 and was fixed in 8.6 P2.
2- A Change in the Radius client configurations for example the Shared Secret key was changed recently and wasn't yet reflected in the Authentication manager and this is due to how FREE Radius work.
Resolution
1- Upgrade to 8.6 P2

If the issue is still happening after the upgrade to 8.6 P2.  Then do the steps below:

2-  Wait for about 15 mins for changes done in the radius client configurations to reflect.
3-  Restart the Radius Service using the following command:

cd /opt/rsa/am/server --> ./rsaserv restart radius.

Related Articles

Trending Articles

Don't see what you're looking for?