Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036984 - Error Facts are not available when trying to authenticate using the RSA Authentication Agent 2.0 for AD FS

Document created by RSA Customer Support

on Jul 24, 2019

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000036984
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Agent for AD FS RSA Version/Condition: 2.0
Issue	This article explains how to overcome the following error seen with the RSA Authentication Agent 2.0 for AD FS when using the agent for two factor authentication. Facts are not available The log snipped below is from the rsa_adfs.log, located by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs: 2019-03-13 16:02:44,117 [20] INFO AuthSessionAdapter - TryEndAuthentication() called for User: Administrator 2019-03-13 16:02:44,117 [20] DEBUG AuthnRequestData - Constructing AuthnRequestData for user: Administrator 2019-03-13 16:02:44,133 [20] DEBUG AuthnRequestService - Entering AuthnRequestService::Authenticate() 2019-03-13 16:02:44,133 [20] DEBUG AuthnRequestService - Entering AuthnRequestService::processRequest() 2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Creating AuthN sessionData from Initialize response. 2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Facts are not available 2019-03-13 16:02:44,133 [20] INFO AuthnAdapter - Authentication step completed.
Cause	The error occurs when the name of the authentication agent in the Authentication Manager Security Console (Access > Authentication Agents > Manage Existing) does not match to the name of authentication agent created in the AD FS configuration page.
Resolution	To resolve the issue, In the Security Console, navigate to Access > Authentication Agents > Manage Existing. Select the Restricted or Unrestricted tab, depending on whether the agent with the issue is restricted or unrestricted. Take note of the agent name as shown below: Go to the AD FS server where the AD FS agent is installed. Browse to C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\scripts. Right click on the MFAAuthProviderConfigSettings file and select Run with PowerShell to open the RSA Agent for AD FS Configuration Utility. Wait for the script to run and open the PowerShell command prompt and select Y when prompted to continue, as shown: To view the current settings of the AD FS agent, select 1] View Current Settings from the displayed list: The agent name here and the agent name shown in step 3 must be identical. Either: Edit the agent name in the Security Console (Access > Authentication Agents > Manage Existing by clicking on the context arrow next to the agent name and choosing Edit, making changes and clicking Save when done. Edit the agent name within PowerShell by entering 2] to edit settings. Test authentication. Correcting the naming should now resolve the error.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

Re: ADFS Agent and Domain Users