000037403 - Error: Principal does not possess one or more authenticators when using RSA SecurID Access Authenticate app tokencode with an Authentication Manager protected resource

Document created by RSA Customer Support Employee on May 1, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037403
Applies ToRSA Product Set: SecurID Access
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4
IssueAttempting to authenticate with an RSA Authentication Agent using an Authenticate tokencode results in authentication failure and the following error in Authentication Manager logs:

Error: Principal does not possess one or more authenticators
CauseThis is due to an Authentication Manager software defect that can occur if the user previously had one or more tokens but now has no tokens assigned.
ResolutionThis defect that will be fixed in a future Authentication Manager release.
WorkaroundEither temporarily assign the user a fixed passcode or another SecurID token or use the command line utility described by Enable the RSA SecurID Authenticate App for Specific Users.

Note that a token temporarily assigned for this workaround can be unassigned once the Authenticate tokencode has successfully been used for authentication.

NotesThis authentication scenario where the user has no tokens does succeed if the user never previously had any assigned tokens.