|Applies To||RSA Product Set: SecurID Access; RSA Product/Service: Cloud Authentication Service|
|Issue||When trying to access Office 365, the following error is displayed: "Sorry but we're having trouble signing you in. AADSTS20012: An error occurred when we tried to process a WS-Federation message. The message was invalid."|
|Cause||When multiple Identity Routers (IDRs) are configured behind a load balancer, internal IDR traffic can be sent to the load balancer and then on to a different IDR. This loss of session persistence can cause authentication failure.|
|Workaround||Create static DNS entries to map the load balancer hostname to each IDR's proxy IP address:|
|Notes||The load balancer DNS hostname should be defined in the Platform > Clusters > Edit > Load Balancer DNS Name field.|