SteMinder : AceInitialization failed for RSA Authentication
search cancel

SteMinder : AceInitialization failed for RSA Authentication

book

Article ID: 4567

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

While integration with RSA and siteminder for leveraging 2 factor authentication

Below steps were performed for integration: 

- checked the compatibility of rsa agent and have installed the rsa agent on the server which has policy server. 

- validated if the rsa agent is functioning correctly 

- created a rsa auth scheme and have the same scheme configured for a sample application 

- using the sample forms login page provided for rsa auth scheme 

 

Issue:

Users are not getting authenticated by rsa and the requests are not even reaching rsa authentication managers.

Below errors in policy server smtrace logs:

[11/10/2016][05:01:55.981][05:01:55][2536][3756][SmAuthAceHtml.cpp:665][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-LoginLogout-00850] SmAuthenticate: AceInitialization failed] 
[11/10/2016][05:01:55.981][05:01:55][2536][3756][SmAuthAceHtml.cpp:666][SmAuthInit][][][][][][][][][][][][][Sm_AuthApi_Failure][][][][][][][][Leave function SmAuthInit] 
[11/10/2016][05:01:55.981][05:01:55][2536][3756][SmAuthServer.cpp:374][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Server-02960] Failed to initialize authentication scheme 'RSA 2fa'] 
[11/10/2016][05:01:55.981][05:01:55][2536][3756][SmAuthUser.cpp:3976][CSmAuthUser::AuthenticateUserDir][][][][z002fbv][][][][][][][][][false][][][][][][][][Cannot init Auth scheme. leave function.]

Environment

Policy Server: 12.8.x

Cause

It was observed that the policy server is not able to load ACE library and failed to Initialize RSA Authentication scheme.

Resolution

Check the below configurations to fix this issue

-> A separate RSA Ace Client (Agent) installation on the system is NOT needed as stated in the docs. The required RSA Ace libraries are included with the policy server installation. 

->The Policy Server installer on 64 bit Windows servers places the aceclnt.dll and sdmsg.dll files in the C:\windows\syswow64 directory, not C:\windows\system32.

->To configure RSA Ace on a 64 bit Windows OS  , set the USR_ACE and VAR_ACE environment variables to the syswow64 directory, and place the sdconf.rec file in the syswow64 directory.