Article Content
Article Number | 000038388 |
Applies To | RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 2.0 |
Issue | This article explains how to overcome the following error with the RSA Authentication Agent 2.0 for AD FS when using the agent for two-factor authentication.

Error in Server certificate validation: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

The log snippet below is from rsa_adfs.log, located by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs:

2020-01-28 16:04:23,542 [8] INFO AuthSessionAdapter - BeginAuthentication() called for User: jdoe
2020-01-28 16:04:23,745 [8] INFO AuthnAdapter - Initial state: ActivityId = 26aa8f39-916c-45d8-2600-0080000000fb, ContextID = f0b1b2df-0e11-45d4-9418-e22ccc2f9802
2020-01-28 16:04:23,745 [8] INFO AuthSessionAdapter - Initial state: ActivityId = 26aa8f39-916c-45d8-2600-0080000000fb, ContextID = f0b1b2df-0e11-45d4-9418-e22ccc2f9802, AuthState = CALL_INITIALIZE
2020-01-28 16:04:23,745 [8] INFO AuthSessionAdapter - TryEndAuthentication() called for User: jdoe
2020-01-28 16:04:23,745 [8] DEBUG AuthnRequestData - Constructing AuthnRequestData for user: jdoe
2020-01-28 16:04:23,745 [8] DEBUG AuthnRequestService - Entering AuthnRequestService::Authenticate()
2020-01-28 16:04:23,761 [8] DEBUG AuthnRequestService - Entering AuthnRequestService::processRequest()
2020-01-28 16:04:23,761 [8] INFO AuthnRequestService - Creating AuthN sessionData from Initialize response.
2020-01-28 16:04:23,761 [8] INFO AuthnRequestService - Facts are not available
2020-01-28 16:04:23,761 [8] DEBUG MFAInitializeProcessor - Entering MFAInitializeProcessor::process()
2020-01-28 16:04:23,808 [8] DEBUG Utils - Request Payload is: { "authnAttemptTimeout": 180.0, "clientId": "server.domain.com", "subjectName": "jdoe", "lang": "us_EN", "assurancePolicyId": "", "clientDetails": { "hostname": "server.domain.com", "softwareId": "4ab036b6-ee14-466f-ad8e-b7ea4b06f055", "version": "2.0.1.27", "component": "RSA Authentication Agent 2.0.0.0 for ADFS", "platform": "Microsoft Windows Server 2016 Standard" } "context": { "messageId": "3fe0017c-3463-495b-9911-57df9da06fcc" } "keepAttempt": false }
2020-01-28 16:04:23,823 [8] INFO ServerManager - getServerUrl(): returning server: https://server.domain.com:5555/mfa/v1_1
2020-01-28 16:04:23,995 [8] DEBUG SecuritySettings - Entering Certificate Validator
2020-01-28 16:04:23,995 [8] ERROR SecuritySettings - Error in Server certificate validation: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
2020-01-28 16:04:23,995 [8] DEBUG SecuritySettings - Leaving Certificate Validator
2020-01-28 16:04:24,011 [8] DEBUG MFAInitializeProcessor - Leaving MFAInitializeProcessor::process()
2020-01-28 16:04:24,011 [8] ERROR AuthnRequestService - MFA Response is empty. Returning Null
2020-01-28 16:04:24,011 [8] INFO AuthnAdapter - Authentication step completed. |
Cause | The cause of this error is either:
|
Resolution | To resolve the issue,
Import-Module PKI
Set-Location Cert:
Get-ChildItem -Path <C:\CertDirectory\mycert.cer> | Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root

where <C:\CertDirectory\mycert.cer> is the full file path of the certificate. |
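
A check to run around the import above, as an added example that is not RSA's code: it compares the file's thumbprint with a value obtained out of band, confirms the certificate looks like a root, and reports whether Windows currently trusts it. The function name Test-RootCertificate and the thumbprint placeholder are assumptions; the path is the article's own placeholder.

```powershell
# Added example (not RSA code). Test-RootCertificate is a hypothetical helper name.
function Test-RootCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,               # full path to the .cer file
        [Parameter(Mandatory)] [string] $ExpectedThumbprint  # obtained out of band from the CA owner
    )
    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file

    # Normalise the expected value: strip spaces/colons copied from a GUI or e-mail.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch for $file; do not import this certificate."
    }

    # A trusted-root entry should be a self-signed certificate inside its validity window.
    $now = Get-Date
    $selfSigned = $cert.Subject -eq $cert.Issuer
    $inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    # Is it already present in the machine's Trusted Root store?
    $inRootStore = [bool](Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

    # Build the chain with the Windows chain engine; UntrustedRoot is the status
    # whose message text appears in the rsa_adfs.log error.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        SelfSigned  = $selfSigned
        InValidity  = $inValidity
        InRootStore = $inRootStore
        ChainOk     = $chainOk
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Placeholder values: substitute the real file path and the thumbprint you were given.
Test-RootCertificate -Path 'C:\CertDirectory\mycert.cer' -ExpectedThumbprint '<THUMBPRINT-PLACEHOLDER>'
```

Run it once before the import and once after: for a valid self-signed root, InRootStore and ChainOk should change from False to True, and the UntrustedRoot status should disappear.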