Article Content
Article Number | 000037935 |
Applies To | RSA Product Set: SecurID RSA Product/Service Type: Authentication Agent for Active Directory Federation Services (AD FS) RSA Version/Condition: 2.0 |
Issue | Users are in Active Directory and authenticating from a machine where the RSA Authentication Agent 2.0 for Active Directory Federation Services (AD FS) is installed and enabled with two-factor authentication. The end user experiences a 20 second delay in authentication from the AD FS agent. Authentication from all other agent hosts appears to be normal. |
Cause | The delay is caused by a DNS lookup on the hostname of the AD FS agent by Authentication Manager. In theory, since the AD FS agent uses the REST API, any logical name can be used to define the agent in Authentication Manager. It is unexpected that the Authentication Manager does DNS lookup on agents using REST API, hence the delay. |
Resolution | This issue has been reported as defect AM-35049 and it is resolved in RSA Authentication Manager 8.4 patch 7. |
Workaround |
|