Issue | This article explains how to overcome the following error seen with the RSA Authentication Agent 2.0 for AD FS when using the agent for two-factor authentication:
Facts are not available
The log snippet below is from rsa_adfs.log, located by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs:
2019-03-13 16:02:44,117 [20] INFO AuthSessionAdapter - TryEndAuthentication() called for User: Administrator
2019-03-13 16:02:44,117 [20] DEBUG AuthnRequestData - Constructing AuthnRequestData for user: Administrator
2019-03-13 16:02:44,133 [20] DEBUG AuthnRequestService - Entering AuthnRequestService::Authenticate()
2019-03-13 16:02:44,133 [20] DEBUG AuthnRequestService - Entering AuthnRequestService::processRequest()
2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Creating AuthN sessionData from Initialize response.
2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Facts are not available
2019-03-13 16:02:44,133 [20] INFO AuthnAdapter - Authentication step completed.
|
Resolution | To resolve the issue:
1. In the Security Console, navigate to Access > Authentication Agents > Manage Existing.
2. Select the Restricted or Unrestricted tab, depending on whether the agent with the issue is restricted or unrestricted.
3. Take note of the agent name.
4. Go to the AD FS server where the AD FS agent is installed.
5. Browse to C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\scripts.
6. Right-click the MFAAuthProviderConfigSettings file and select Run with PowerShell to open the RSA Agent for AD FS Configuration Utility.
7. Wait for the script to run and open the PowerShell command prompt, then select Y when prompted to continue.
8. To view the current settings of the AD FS agent, select 1] View Current Settings from the displayed list.
9. The agent name here and the agent name shown in step 3 must be identical. Either:
   - Edit the agent name in the Security Console (Access > Authentication Agents > Manage Existing) by clicking the context arrow next to the agent name, choosing Edit, making the changes and clicking Save when done.
   - Edit the agent name within PowerShell by entering 2] to edit settings.
10. Test authentication.

Correcting the naming should now resolve the error.
|
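To see which sign-in attempts hit this error, and to confirm after the test authentication that it no longer appears, the following PowerShell sketch scans rsa_adfs.log lines in the format shown above and ties each "Facts are not available" entry to the user named in the preceding TryEndAuthentication() line on the same thread. It is an added example, not part of the RSA agent or its scripts; the function name Find-RsaFactsError and the sample users are hypothetical, and the sample lines are constructed from the message shapes in the snippet above.

```powershell
# Added example (not RSA code). Find-RsaFactsError is a hypothetical helper name.
function Find-RsaFactsError {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Line
    )
    begin {
        # Layout seen in rsa_adfs.log: timestamp [thread] LEVEL Logger - message
        $pattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[(?<thread>\d+)\]\s+(?<level>\w+)\s+(?<logger>\S+) - (?<msg>.*)$'
        $lastUser = @{}   # thread id -> user from the latest TryEndAuthentication() line
    }
    process {
        foreach ($l in $Line) {
            if ($l -notmatch $pattern) { continue }   # skip blank or wrapped lines
            # Copy the captures now: the next -match overwrites $Matches.
            $ts = $Matches['ts']; $thread = $Matches['thread']; $msg = $Matches['msg'].Trim()
            if ($msg -match 'TryEndAuthentication\(\) called for User: (?<user>.+)$') {
                $lastUser[$thread] = $Matches['user'].Trim()
            }
            elseif ($msg -eq 'Facts are not available') {
                [pscustomobject]@{
                    Timestamp = $ts
                    Thread    = $thread
                    User      = if ($lastUser.ContainsKey($thread)) { $lastUser[$thread] } else { '(unknown)' }
                }
            }
        }
    }
}

# Constructed sample: two interleaved threads, only thread 20 hits the error.
$sample = @'
2019-03-13 16:02:44,117 [20] INFO AuthSessionAdapter - TryEndAuthentication() called for User: alice
2019-03-13 16:02:44,120 [21] INFO AuthSessionAdapter - TryEndAuthentication() called for User: bob
2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Creating AuthN sessionData from Initialize response.
2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Facts are not available
2019-03-13 16:02:44,140 [21] INFO AuthnAdapter - Authentication step completed.
2019-03-13 16:02:44,141 [20] INFO AuthnAdapter - Authentication step completed.
'@

$sample -split '\r?\n' | Find-RsaFactsError | Format-Table -AutoSize
```

On the AD FS server, pipe the real log in with Get-Content from the logs folder named above instead of the constructed sample.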