|Issue||This article explains how to overcome the following error seen with the RSA Authentication Agent 2.0 for AD FS when using the agent for two factor authentication.|
Facts are not available
The log snipped below is from the rsa_adfs.log, located by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs:
2019-03-13 16:02:44,117  INFO AuthSessionAdapter - TryEndAuthentication() called for User: Administrator
2019-03-13 16:02:44,117  DEBUG AuthnRequestData - Constructing AuthnRequestData for user: Administrator
2019-03-13 16:02:44,133  DEBUG AuthnRequestService - Entering AuthnRequestService::Authenticate()
2019-03-13 16:02:44,133  DEBUG AuthnRequestService - Entering AuthnRequestService::processRequest()
2019-03-13 16:02:44,133  INFO AuthnRequestService - Creating AuthN sessionData from Initialize response.
2019-03-13 16:02:44,133  INFO AuthnRequestService - Facts are not available
2019-03-13 16:02:44,133  INFO AuthnAdapter - Authentication step completed.
|Resolution||To resolve the issue,|
- In the Security Console, navigate to Access > Authentication Agents > Manage Existing.
- Select the Restricted or Unrestricted tab, depending on whether the agent with the issue is restricted or unrestricted.
- Take note of the agent name as shown below:
- Go to the AD FS server where the AD FS agent is installed.
- Browse to C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\scripts.
- Right click on the MFAAuthProviderConfigSettings file and select Run with PowerShell to open the RSA Agent for AD FS Configuration Utility.
- Wait for the script to run and open the PowerShell command prompt and select Y when prompted to continue, as shown:
- To view the current settings of the AD FS agent, select 1] View Current Settings from the displayed list:
- The agent name here and the agent name shown in step 3 must be identical. Either:
- Edit the agent name in the Security Console (Access > Authentication Agents > Manage Existing by clicking on the context arrow next to the agent name and choosing Edit, making changes and clicking Save when done.
- Edit the agent name within PowerShell by entering 2] to edit settings.
- Test authentication.
- Correcting the naming should now resolve the error.