|Applies To||RSA Product Set: SecurID Access|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4 Patch 4
|Issue||RSA SecurID Authentication Manager is connected to the Cloud Authentication Service.|
Attempting to authenticate to an Authentication Manager protected resource using an Authenticate App tokencode results in an authentication failure.
The following error is shown in the: Security Console > Reporting > Real-time Activity Monitors > System Activity Monitor:
Error: Failed to connect to Identity Router
|Cause||This can occur in a scenario where the following three conditions are met:|
|Resolution||There are two ways to resolve this:|
Solution 1: Disable the configuration that allows Authenticate app tokencodes to be sent from the Authentication Manager to the Cloud Authentication Service through the identity router(s). This can be done by going to: Operations Console > Deployment Configuration > RSA SecurID Authenticate App and unchecking the "Allow authentication using Authenticate Tokencodes" option. Then save these settings.
With this option disabled, the Authenticate tokencodes will no longer attempt to be sent to the Cloud Authentication Service through the identity router(s) but will instead be sent using Authentication Manager's direct connection to the Cloud Authentication Service.
Solution 2: Resolve the connection issue between the Authentication Manager server(s) and identity router(s) to allow the Authenticate tokencodes to be sent to the Cloud Authentication Service through the identity router(s).