000037501 - End user account locked out multiple times in RSA Adaptive Authentication (OnPrem) 7.x

Document created by RSA Customer Support Employee on May 28, 2019
Version 1

Article Content

Article Number: 000037501
Applies To: RSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
Issue: End user account locked out multiple times on a single day.

The issue can be reproduced as follows:

  • Create user
  • Update user
  • Analyze user
  • Challenge user
  • Fail the authenticate call (multiple times even after lockout)

In the EVENT_LOG table there will be 3 records: one for Create, one for Update, and one shared by Analyze, Challenge and Authenticate. The third record is updated on Challenge and Authenticate; no new record is created in EVENT_LOG for those calls.

When the Authenticate call fails more than the specified number of times, the user is locked out. If the same user then continues to fail the "Authenticate" call, new "Lockout" (L) records are created in the userchangehistory table.


Resolution: To avoid this situation, Authenticate calls should not be sent if the user status is already set to LOCKOUT.
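The following is an added example, not RSA code: a caller-side guard that stops sending Authenticate calls once the last response reported LOCKOUT, run against a constructed stub that models only the behaviour described in this article. The class and function names, the failure threshold of 3, the `NOT_LOCKED` placeholder status, and the assumption that the caller can read the user status from each response are all hypothetical.

```python
from dataclasses import dataclass, field

LOCKOUT = "LOCKOUT"        # status value named in the article
NOT_LOCKED = "NOT_LOCKED"  # placeholder for any non-lockout status (constructed)

@dataclass
class StubBackend:
    """Constructed stand-in for the server: every failed Authenticate at or
    past the threshold records another lockout, as the article describes."""
    max_failures: int = 3  # assumed threshold, not a product default
    failures: int = 0
    status: str = NOT_LOCKED
    lockout_records: list = field(default_factory=list)  # models "L" rows

    def authenticate(self, answer_ok: bool) -> str:
        if not answer_ok:
            self.failures += 1
            if self.failures >= self.max_failures:
                self.status = LOCKOUT
                self.lockout_records.append("L")
        return self.status

class GuardedClient:
    """Hypothetical wrapper in the calling application."""
    def __init__(self, backend):
        self.backend = backend
        self.last_status = None  # status from the most recent response
        self.suppressed = 0      # calls withheld because the user is locked

    def authenticate(self, answer_ok: bool) -> str:
        if self.last_status == LOCKOUT:
            # Resolution from the article: do not send the call at all.
            self.suppressed += 1
            return LOCKOUT
        self.last_status = self.backend.authenticate(answer_ok)
        return self.last_status

def lockout_records_after(n_failed_calls: int, guarded: bool) -> int:
    """Count lockout records after n consecutive failed Authenticate calls."""
    backend = StubBackend()
    client = GuardedClient(backend) if guarded else backend
    for _ in range(n_failed_calls):
        client.authenticate(False)
    return len(backend.lockout_records)

if __name__ == "__main__":
    print("unguarded:", lockout_records_after(6, guarded=False))
    print("guarded:  ", lockout_records_after(6, guarded=True))
```

In a real integration the cached status must be refreshed from the server once the user has been unlocked, otherwise the guard keeps withholding calls.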