
SecurID authentication module is missing from OpenAM 13.0

Last updated Jan 5, 2021

The purpose of this article is to provide the missing SecurID® authentication module in OpenAM 13.0.


Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

Following an upgrade (from an OpenAM instance with a working SecurID authentication module) to OpenAM 13.0, you see any of the following issues:

  • You get a "not found error" when trying to view or edit the module in a realm (Realm > Authentication > Modules).
  • You see that the SecurID module type is missing when you try to add a SecurID authentication module. Instead an iPlanetAMAuthSecurIDService type is visible; when you try to create a module of this type, it fails with a "Resource 'iPlanetAMAuthSecurIDService' not found" error.
  • You get an "Invalid parameters" message when trying to create a module of type SecurID via ssoadm.

Following the fresh installation of an OpenAM 13.0 instance, you see any of the following issues:

  • You see that the SecurID module type is missing when you try to add a SecurID authentication module.
  • You get an "Invalid parameters" message when trying to create a module of type SecurID via ssoadm.

Recent Changes

Installed, or upgraded to OpenAM 13.0.

Causes

Due to a bug in the build scripts of OpenAM 13.0, the SecurID authentication module was not correctly built and consequently not included in the final release of OpenAM 13.0.

Solution

This issue can be resolved by upgrading to OpenAM 13.5 or later; you can download this version from BackStage.

Alternatively, you can apply a patch to OpenAM; the patch can be applied either to an existing deployment or to the OpenAM 13.0 WAR file prior to installation or upgrade.

Applying patch to existing OpenAM 13.0 deployment

  1. Download this patch file: SecurID-auth-13.0.0-tpatch.zip
  2. Follow the standard patch installation instructions to install the patch: How do I install an AM patch (All versions) supplied by ForgeRock support?
  3. Register the SecurID authentication service, replacing [adminID] and [passwordfile] with appropriate values:
     $ ./ssoadm create-svc -u [adminID] -f [passwordfile] -X amAuthSecurID.xml
  4. Register the SecurID authentication module, replacing [adminID] and [passwordfile] with appropriate values:
     $ ./ssoadm register-auth-module -u [adminID] -f [passwordfile] -a com.sun.identity.authentication.modules.securid.SecurID
  5. Restart the web application container in which OpenAM runs to have the patch take effect. 

Applying the patch to the OpenAM 13.0 WAR before an installation or upgrade 

  1. Download this patch file: SecurID-auth-13.0.0-tpatch.zip
  2. Unzip the patch file into a temporary directory where you also have a copy of the OpenAM 13.0 WAR file.
  3. Run the following jar command to update the WAR file with the key components from the patch:
     $ jar uf OpenAM-13.0.0.war README-securid-auth.tpatch WEB-INF/classes/serviceNames.properties WEB-INF/lib/openam-auth-securid-13.0.0.jar
     The resulting OpenAM-13.0.0.war file can now be used for a fresh installation and/or upgrade of an earlier version of OpenAM.

Note

You may also want to add the RSA® SecurID client libraries (the latest authapi jar file and a dependency crypto.jar / cryptoj.jar file) at the same time. To use the SecurID authentication module, the supporting libraries must be copied to the WEB-INF/lib directory of the OpenAM WAR file. These client libraries must be obtained from RSA.
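
A pre-deployment check for the patched WAR, added here as an example (it is not ForgeRock's code): it confirms that the three entries from the jar command are present, that the module jar contains the class registered with ssoadm, and that the RSA client libraries are in WEB-INF/lib. That the class lives in openam-auth-securid-13.0.0.jar, and the library filename prefixes (authapi, crypto), are assumptions.

```python
import io
import sys
import zipfile

# Entries the jar command in step 3 adds to the WAR (paths taken from the article).
PATCH_ENTRIES = (
    "README-securid-auth.tpatch",
    "WEB-INF/classes/serviceNames.properties",
    "WEB-INF/lib/openam-auth-securid-13.0.0.jar",
)
MODULE_JAR = PATCH_ENTRIES[2]
# Class passed to "ssoadm register-auth-module"; assumed to be packaged in MODULE_JAR.
MODULE_CLASS = "com/sun/identity/authentication/modules/securid/SecurID.class"
# Assumed filename prefixes for the RSA client libraries named in the note
# ("crypto" also matches cryptoj.jar).
RSA_LIB_PREFIXES = ("authapi", "crypto")


def check_war(war):
    """Return a list of problems found in the WAR (path or file object); empty means OK."""
    problems = []
    with zipfile.ZipFile(war) as zf:
        names = set(zf.namelist())
        for entry in PATCH_ENTRIES:
            if entry not in names:
                problems.append(f"missing patch entry: {entry}")
        if MODULE_JAR in names:
            # A jar is a zip archive, so open it from memory and look for the class.
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(MODULE_JAR))) as jar:
                    if MODULE_CLASS not in jar.namelist():
                        problems.append(f"{MODULE_JAR} lacks {MODULE_CLASS}")
            except zipfile.BadZipFile:
                problems.append(f"{MODULE_JAR} is not a valid jar")
        libs = [n.rsplit("/", 1)[1].lower() for n in names
                if n.startswith("WEB-INF/lib/") and n.lower().endswith(".jar")]
        for prefix in RSA_LIB_PREFIXES:
            if not any(lib.startswith(prefix) for lib in libs):
                problems.append(f"RSA client library not found in WEB-INF/lib: {prefix}*.jar")
    return problems


if __name__ == "__main__":
    found = check_war(sys.argv[1])
    print("\n".join(found) or "WAR contains the SecurID patch entries and RSA libraries")
    sys.exit(1 if found else 0)
```

Run it as `python check_war.py OpenAM-13.0.0.war` (the script name is hypothetical); a non-zero exit status means at least one check failed.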

See Also

FAQ: SecurID authentication module in AM

How do I build OpenAM 13.x from source?

SecurID authentication module login fails in AM (All versions) with java.lang.NoClassDefFoundError

OpenAM Administration Guide › Defining Authentication Services › Hints For the SecurID Authentication Module

Related Issue Tracker IDs

OPENAM-8456 (SecurID authentication module is missing from 13.0.0)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.