000036984 - Error Facts are not available when trying to authenticate using the RSA Authentication Agent 2.0 for AD FS

Document created by RSA Customer Support Employee on Jul 24, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036984
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Agent for AD FS
RSA Version/Condition:  2.0
IssueThis article explains how to overcome the following error seen with the RSA Authentication Agent 2.0 for AD FS when using the agent for two factor authentication.

Facts are not available

The log snipped below is from the rsa_adfs.log, located by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs:

2019-03-13 16:02:44,117 [20] INFO AuthSessionAdapter - TryEndAuthentication() called for User: Administrator
2019-03-13 16:02:44,117 [20] DEBUG AuthnRequestData - Constructing AuthnRequestData for user: Administrator
2019-03-13 16:02:44,133 [20] DEBUG AuthnRequestService - Entering AuthnRequestService::Authenticate()
2019-03-13 16:02:44,133 [20] DEBUG AuthnRequestService - Entering AuthnRequestService::processRequest()
2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Creating AuthN sessionData from Initialize response.
2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Facts are not available
2019-03-13 16:02:44,133 [20] INFO AuthnAdapter - Authentication step completed.
CauseThe error occurs when the  name of the authentication agent in the Authentication Manager Security Console (Access > Authentication Agents > Manage Existing) does not match to the name of authentication agent created in the AD FS configuration page.
ResolutionTo resolve the issue,
  1. In the Security Console, navigate to Access > Authentication Agents > Manage Existing.
  2. Select the Restricted or Unrestricted tab, depending on whether the agent with the issue is restricted or unrestricted.
  3. Take note of the agent name as shown below:

User-added image

  1. Go to the AD FS server where the AD FS agent is installed.
  2. Browse to C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\scripts.
  3. Right click on the MFAAuthProviderConfigSettings file and select Run with PowerShell to open the RSA Agent for AD FS Configuration Utility.

User-added image

  1. Wait for the script to run and open the PowerShell command prompt and select Y when prompted to continue, as shown:

User-added image

  1. To view the current settings of the AD FS agent, select 1] View Current Settings from the displayed list:

User-added image

  1. The agent name here and the agent name shown in step 3 must be identical.   Either:
    1. Edit the agent name in the Security Console (Access > Authentication Agents > Manage Existing by clicking on the context arrow next to the agent name and choosing Edit, making changes and clicking Save when done.
    2. Edit the agent name within PowerShell by entering 2]  to edit settings.
  2. Test authentication. 
  3. Correcting the naming should now resolve the error.