AceInitialization failed for RSA Authentication
search cancel

AceInitialization failed for RSA Authentication

book

Article ID: 4567

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We are trying to integrate RSA with siteminder for leveraging 2 factor authentication for siteminder integrated applications. 

we have already done the below steps: 

- checked the compatibility of rsa agent and have installed the rsa agent on the server which has policy server. 

- validated if the rsa agent is functioning correctly 

- created a rsa auth scheme and have the same scheme configured for a sample application 

- using the sample forms login page provided for rsa auth scheme 

 

Issue: the users are not getting authenticated by rsa and the requests are not even reaching rsa authentication managers.

Below errors in policy server smtrace logs:

[11/10/2016][05:01:55.981][05:01:55][2536][3756][SmAuthAceHtml.cpp:665][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-LoginLogout-00850] SmAuthenticate: AceInitialization failed] 

[11/10/2016][05:01:55.981][05:01:55][2536][3756][SmAuthAceHtml.cpp:666][SmAuthInit][][][][][][][][][][][][][Sm_AuthApi_Failure][][][][][][][][Leave function SmAuthInit] 

[11/10/2016][05:01:55.981][05:01:55][2536][3756][SmAuthServer.cpp:374][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Server-02960] Failed to initialize authentication scheme 'RSA 2fa'] 

[11/10/2016][05:01:55.981][05:01:55][2536][3756][SmAuthUser.cpp:3976][CSmAuthUser::AuthenticateUserDir][][][][z002fbv][][][][][][][][][false][][][][][][][][Cannot init Auth scheme. leave function.]

Environment

Policy Server: 12.52 CR01 on Windows 2008 R2, RSA Authentication Manager 8.0, RSA Agent 7.2

Cause

We could see that the policy server is not able to load ACE library and failed to Initialize RSA Authentication scheme.

Resolution

1.A separate RSA Ace Client (Agent) installation on the system is NOT needed as stated in the docs. The required RSA Ace libraries are included with the policy server installation. 

2.The Policy Server installer on 64 bit Windows servers places the aceclnt.dll and sdmsg.dll files in the C:\windows\syswow64 directory, not C:\windows\system32.

3.To configure RSA Ace on a 64 bit Windows OS, simply set the USR_ACE and VAR_ACE environment variables to the syswow64 directory, and place the sdconf.rec file in the syswow64 directory.