Solutions
ForgeRock Identity Platform
Does not apply to Identity Cloud

SecurID authentication module login fails in AM (All versions) with java.lang.NoClassDefFoundError

Last updated Jan 16, 2023

The purpose of this article is to provide assistance if you receive a "java.lang.NoClassDefFoundError: com/rsa/authagent/authapi/AuthAgentException" when attempting to log into the SecurID® authentication module in AM.



Symptoms

The following error is shown in the web application container log (for example, catalina.out for Apache Tomcat™) when the login to the SecurID authentication module fails:

Caused by: java.lang.NoClassDefFoundError: com/rsa/authagent/authapi/AuthAgentException
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:274)
    at com.sun.identity.authentication.service.AuthUtils.isPureJAASModulePresent(AuthUtils.java:1515)
    at com.sun.identity.authentication.service.AMLoginContext.executeLogin(AMLoginContext.java:390)
    at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:544)
    at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:436)
    at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:287)
    at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:219)
    at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:916)
    at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:862)
    at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:519)
    at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
    at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    ... 28 more

Recent Changes

Configured the SecurID authentication module.

Causes

ForgeRock is not licensed to redistribute the RSA® SecurID library (authapi jar). This error means the authapi jar (for example, authapi-2005-08-12.jar) is missing.

Solution

You must obtain the latest authapi jar file from RSA. RSA should provide it together with its dependency, the crypto.jar / cryptoj.jar file. Copy both files into the path/to/tomcat/webapps/am/WEB-INF/lib directory where AM is deployed.

You should also obtain a version of the log4j library from RSA that is compatible with your version of the authapi jar file.
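
To confirm that the jars were placed correctly, the following added example (not ForgeRock or RSA code) scans a WEB-INF/lib directory for a jar that provides the class named in the error, and lists every jar that bundles Log4j classes so the deployed version can be reviewed. The jar names and the temporary directory are constructed placeholders; the Log4j prefixes are the package paths of Log4j 1.x and 2.x.

```python
import tempfile
import zipfile
from pathlib import Path

# Class named in the NoClassDefFoundError from the container log.
MISSING_CLASS = "com/rsa/authagent/authapi/AuthAgentException.class"
# Package paths of Log4j 1.x and 2.x classes inside a jar.
LOG4J_PREFIXES = ("org/apache/log4j/", "org/apache/logging/log4j/")


def audit_lib(lib_dir):
    """Return (jars providing MISSING_CLASS, jars bundling Log4j classes)."""
    providers, log4j_jars = [], []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            # Unreadable archive: it cannot provide the class, so skip it.
            continue
        if MISSING_CLASS in names:
            providers.append(jar.name)
        if any(n.startswith(LOG4J_PREFIXES) for n in names):
            log4j_jars.append(jar.name)
    return providers, log4j_jars


def build_demo_lib(root, with_authapi):
    """Build a constructed WEB-INF/lib holding placeholder jars (not real RSA files)."""
    lib = Path(root) / "WEB-INF" / "lib"
    lib.mkdir(parents=True)

    def make(name, entries):
        with zipfile.ZipFile(lib / name, "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"")

    make("other.jar", ["example/Other.class"])
    make("log4j.jar", ["org/apache/log4j/Logger.class"])
    (lib / "broken.jar").write_bytes(b"not a zip")  # simulates a bad copy
    if with_authapi:
        make("authapi.jar", [MISSING_CLASS])
    return lib


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        providers, log4j = audit_lib(build_demo_lib(tmp, with_authapi=False))
        print("AuthAgentException provided by:", providers or "no jar")
        print("Jars bundling Log4j classes:", log4j)
```

Against a real deployment, call audit_lib() with the path to AM's WEB-INF/lib directory; an empty first list means the authapi jar is still missing or unreadable.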

Note

The SecurID module is deprecated as of AM 7 and will be removed in a later release. See Deprecated in AM 7.

The Log4j library has a known security vulnerability as detailed in Log4j Security Advisory #202111. Additionally, both this file and the authapi jar are no longer supported by RSA, meaning this vulnerability will not be fixed. As a result, ForgeRock strongly recommends you migrate to the SecurID node instead. This node is currently available from the Marketplace and will be included in a later release of AM.

See Also

FAQ: SecurID authentication module in AM


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.