PAM was upgraded to 4.2.1 and RSA logins are now failing. All the necessary steps from the Configure PAM to Support RSA SecurID Authentication documentation page were followed to convert to Rest API, but the issue is still occurring.

The issue will only occur when upgrading directly to Privileged Access Manager 4.2.1 from 4.1.0-4.1.4.

When upgrading from a pre-4.1.5 release, the configuration file used for authentication gets updated to use the REST API for RSA authentication. There is an issue with the 4.2.1 upgrade script which caused the configuration file to not be updated, so PAM continued to use the legacy RSA authentication client.