Article Number
000036475
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 SP1 and higher
Issue
An RSA administrator is unable to import a trusted realm package on the Authentication Manager primary. The rsa-console.log has the following error:
ERROR [[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)']
GUILog.traceException(587) | exception: com.rsa.command.exception.DuplicateDataException:
ERROR: duplicate key value violates unique constraint "ak_ims_trusts"
Detail: Key (owner_id, deployment_uuid, external_realm_name)=(000000000000000000001000e0011000,
832339bc-df9e-4ff3-b8cd-40f7ef40897f, SystemDomain) already exists.
(000000000000000000001000e0011000, 832339bc-df9e-4ff3-b8cd-40f7ef40897f, SystemDomain)
key is already present in the table ims_trusts.
On the Security Console the following message appears:
The trust is not unique. Either the trust package has already been imported under another name, or the name <realm_name> has already been used.
Cause
The primary Authentication Manager server and the the new trusted server both have same UUID in the database. This will happen because at some point the newly added trusted server was part of the current primary deployment. Each server must have a unique UUID in order to establish trusted realm.
Resolution
To correct the issue,
- Connect to each RSA Authentication Manager server via SQL.
- At step 3 in the instructions, enter the following command on the primary for Realm 1:
db=# SELECT * FROM ims_config_value WHERE name='ims.deployment.uuid';
id | instance_id | name | value
----------------------------------+------------------+---------------------+--------------------------------------
5a5f17b966e69a0a1a917ab6685884a8 | 0000-Global-0000 | ims.deployment.uuid | 90b5dfbc-6622-4398-aa18-e70aa3671151
(1 row)
- On the replica for Realm 2,
db=# SELECT * FROM ims_config_value WHERE name='ims.deployment.uuid';
id | instance_id | name | value
---------------------------------+------------------+---------------------+--------------------------------------
8627add62fe39a0a010f95c16788a864 | 0000-Global-0000 | ims.deployment.uuid | 832339bc-df9e-4ff3-b8cd-40f7ef40897f
(1 row)
-
On the primary for Realm 2,
db=# SELECT * FROM ims_config_value WHERE name='ims.deployment.uuid';
id | instance_id | name | value
---------------------------------+------------------+---------------------+--------------------------------------
8627add62fe39a0a010f95c16788a864 | 0000-Global-0000 | ims.deployment.uuid | 832339bc-df9e-4ff3-b8cd-40f7ef40897f
(1 row)
Notice that the UUID for the replica in Realm 1 and the primary in Realm 2 are the same. This is the reason why the insertion of a trusted realm fails. Make sure that each server has a unique UUID.
Workaround
Install a new primary instance in Realm 2 and it will have a unique UUID. Verify the UUID with the SELECT statements above. Once that is done, adding the trusted realm will be successful.
