|Applies To||RSA Product Set: Adaptive Authentication (OnPrem)|
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
|Issue||End user account locked out multiple times on a single day.|
The issue can be reproduced as follows:
In the EVENT_LOG table there will be 3 records: one for Create, one for Update and one for all (Analyze, Challenge, Authenticate). The third record gets updated on Challenge and Authenticate without creating the new record in EVENT_LOG.
When failing the Authenticate call more than specified times it gets locked out the first time and if the same user continues failing the "Authenticate" call, new "Lockout" (L) records are created in the userchangehistory table.
|Resolution||To avoid this situation, Authenticate calls should not be sent if the user status is already set to LOCKOUT.|