SecurID authentication module login fails in AM (All versions) with java.lang.NoClassDefFoundError
The purpose of this article is to provide assistance if you receive a "java.lang.NoClassDefFoundError: com/rsa/authagent/authapi/AuthAgentException" when attempting to log into the SecurID® authentication module in AM.
1 reader recommends this article
Symptoms
The following error is shown in the web application container log (for example, catalina.out for Apache Tomcat™) when the login to the SecurID authentication module fails:
Caused by: java.lang.NoClassDefFoundError: com/rsa/authagent/authapi/AuthAgentException at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:274) at com.sun.identity.authentication.service.AuthUtils.isPureJAASModulePresent(AuthUtils.java:1515) at com.sun.identity.authentication.service.AMLoginContext.executeLogin(AMLoginContext.java:390) at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:544) at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:436) at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:287) at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:219) at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:916) at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:862) at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:519) at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981) at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615) at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459) at javax.servlet.http.HttpServlet.service(HttpServlet.java:620) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) ... 28 moreRecent Changes
Configured the SecurID authentication module.
Causes
ForgeRock is not licensed to redistribute the RSA® SecurID library (authapi jar). This error means the authapi jar (for example, authapi-2005-08-12.jar) is missing.
Solution
You must obtain the latest authapi jar file from RSA. They should provide this to you along with a dependency crypto.jar / cryptoj.jar file. You should then include these files in the path/to/tomcat/webapps/am/WEB-INF/lib directory where AM is deployed.
You should also obtain a version of the log4j library from RSA that is compatible with your version of the authapi jar file.
Note
The SecurID module is deprecated as of AM 7 and will be removed in a later release: Deprecated in AM 7.
The Log4j library has a known security vulnerability as detailed in Log4j Security Advisory #202111. Additionally, both this file and the authapi jar are no longer supported by RSA, meaning this vulnerability will not be fixed. As a result, ForgeRock strongly recommends you migrate to the SecurID node instead. This node is currently available from the Marketplace and will be included in a later release of AM.
See Also
FAQ: SecurID authentication module in AM
Related Training
N/A
Related Issue Tracker IDs
N/A