Solutions
Archived

SecurID authentication module is missing from OpenAM 13.0

Last updated Jan 5, 2021

The purpose of this article is to provide the missing SecurID® authentication module in OpenAM 13.0.


1 reader recommends this article

Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

Following an upgrade (from an OpenAM instance with a working SecurID authentication module) to OpenAM 13.0, you see any of the following issues:

  • You get a "not found error" when trying to view or edit the module in a realm (Realm > Authentication > Modules).
  • You see that the SecurID module type is missing when you try to add a SecurID authentication module. Instead an iPlanetAMAuthSecurIDService type is visible; when you try to create a module of this type, it fails with a "Resource 'iPlanetAMAuthSecurIDService' not found" error.
  • You get an "Invalid parameters" message when trying to create a module of type SecurID via ssoadm.

Following the fresh installation of an OpenAM 13.0 instance, you see any of the following issues:

  • You see that the SecurID module type is missing when you try to add a SecurID authentication module.
  • You get an "Invalid parameters" message when trying to create a module of type SecurID via ssoadm.

Recent Changes

Installed, or upgraded to OpenAM 13.0.

Causes

Due to a bug in the build scripts of OpenAM 13.0, the SecurID authentication module was not correctly built and consequently not included in the final release of OpenAM 13.0.

Solution

This issue can be resolved by upgrading to OpenAM 13.5 or later; you can download this version from BackStage.

Alternatively, you apply a patch to OpenAM; this can either be applied to an existing deployment or to the OpenAM 13.0 WAR file prior to installation or upgrade.

Applying patch to existing OpenAM 13.0 deployment

  1. Download this patch file: SecurID-auth-13.0.0-tpatch.zip
  2. Follow the standard patch installation instructions to install the patch: How do I install an AM patch (All versions) supplied by ForgeRock support?
  3. Register the SecurID authentication service: $ ./ssoadm create-svc -u [adminID] -f [passwordfile] -X amAuthSecurID.xml replacing [adminID] and [passwordfile] with appropriate values.
  4. Register the SecurID authentication module: $ ./ssoadm register-auth-module -u [adminID] -f [passwordfile] -a com.sun.identity.authentication.modules.securid.SecurID replacing [adminID] and [passwordfile] with appropriate values.
  5. Restart the web application container in which OpenAM runs to have the patch take effect. 

Applying the patch to the OpenAM 13.0 WAR before an installation or upgrade 

  1. Download this patch file: SecurID-auth-13.0.0-tpatch.zip
  2. Unzip the patch file into a temporary directory where you also have a copy of the OpenAM 13.0 WAR file.
  3. Run the following jar command to update the WAR file with the key components from the patch: $ jar uf OpenAM-13.0.0.war README-securid-auth.tpatch WEB-INF/classes/serviceNames.properties WEB-INF/lib/openam-auth-securid-13.0.0.jar The resulting OpenAM-13.0.0.war file can now be used for a fresh installation and/or upgrade of an earlier version of OpenAM.
Note

You may also want to add the RSA® SecurID client libraries (the latest authapi jar file and a dependency crypto.jar / cryptoj.jar file) at the same time. To use the SecurID authentication module the supporting libraries need to be copied to the WEB-INF/lib directory of the OpenAM WAR file. These client libraries must be obtained from RSA.

See Also

FAQ: SecurID authentication module in AM

How do I build OpenAM 13.x from source?

SecurID authentication module login fails in AM (All versions) with java.lang.NoClassDefFoundError

OpenAM Administration Guide › Defining Authentication Services › Hints For the SecurID Authentication Module

Related Issue Tracker IDs

OPENAM-8456 (SecurID authentication module is missing from 13.0.0)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.