Log4j dependency removal's impact on RSA SecurID-based MFA

Log4j dependency removal's impact on RSA SecurID-based MFA

In light of the recent discovery of Apache Log4j library's security vulnerability (CVE-2021-44228), ADSelfService Plus released its build 6119 that completely removed dependency on the Log4j library. However, the Log4j library is required if you have enabled RSA SecurID as an authenticator for ADSelfService Plus' MFA feature.

 

If you are an existing customer and have configured RSA SecurID already, follow the steps below after updating to build 6119 to continue using the RSA SecurID authenticator:

  • Go to <ADSelfServicePlus_install_directory>/lib folder (by default the location is: C:\ManageEngine\ADSelfService Plus\lib).

  • Delete the existing authiapi.jar file, log4j-1.2.8.jarlog4j-1.2.15.jar files.

  • Obtain the authapi.jar file and its corresponding Log4j JAR files, preferably the latest version, from RSA SecurID.

  • Go back to the <ADSelfServicePlus_install_directory>/lib folder.

  • Paste the new authiapi.jar file and Log4j files in the folder

If you have not configured RSA SecurID for MFA yet, but want to configure it after updating to 6119, follow these steps:

  • Obtain the authapi.jar file and its corresponding Log4j JAR files, preferably the latest version, from RSA SecurID.

  • Go to <ADSelfServicePlus_install_directory>/lib folder (by default the location is: C:\ManageEngine\ADSelfService Plus\lib).

  • Paste the files in this folder.

Proceed with configuring RSA SecurID as mentioned in this guide.

Regards,
ADSelfService Plus Team
Toll Free: +1-84-245-1104
Direct: +1-408-916-9890

      New to ADSelfService Plus?

        Resources

                  Related Products