000029549 - RSA Access Manager Agent not directing user to AA challenge page

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029549
Applies ToRSA Product Set: ClearTrust
RSA Product/Service Type: Web Agent Apache
RSA Version/Condition: V4.9 SP3
Platform: Linux
Platform (Other): AA 7.1 AxM 6.2
O/S Version: Red Hat Linux 6.2
Product Name: RSA-0010010
Product Description: RSA Access Manager with RSA Adaptive Authentication
IssueRSA Access Manager Agent not directing user to AA challenge page.
The RSA Access Manager Agent log (at DEBUG log level) shows the following.
2015-01-12 14:53:36 -0500 - [2942904640] - <Info> - [ct_Set_AA_<Challenge>_Credentials_In_Header] - AA Transaction data:bef7-:a66fdafda41:99550c81-_TRX
2015-01-12 14:53:36 -0500 - [2942904640] - <Info> - [ct_Set_AA_<Challenge>_Credentials_In_Header] - AA Session data available: cef7-:a66fdafda41:99550c81-
2015-01-12 14:53:36 -0500 - [2942904640] - <Debug> - [ct_Set_AA_<Challenge>_Credentials_In_Header] - Challenge credential: QUESTION
2015-01-12 14:53:36 -0500 - [2942904640] - <Debug> - [ct_Set_AA_Challenge_Credentials_In_Header] - <Challenge> credential: QUESTION
2015-01-12 14:53:36 -0500 - [2942904640] - <Debug> - [ct_Set_AA_<Challenge>_Credentials_In_Header] - It is Question Type
2015-01-12 14:53:36 -0500 - [2942904640] - <Debug> - [ct_Set_AA_<Challenge>_Credentials_In_Header] - Func pointer is not NULL
2015-01-12 14:53:36 -0500 - [2942904640] - <Debug> - [ct_Set_<Challenge>_Question_Credential] - Question count int ResultMap:(null)
2015-01-12 14:53:36 -0500 - [2942904640] - <Debug> - [ct_Set_AA_<Challenge>_Credentials_In_Header] - AA session Data: (null)
The RSA Adaptive Authentication (AA) log file shows the following:
2015-01-12 14:53:36,939 ERROR [tomcat-http--17] [] [] [com.passmarksecurity.impl.PassMarkSessionMgrImpl] - <Failed to get a session for cef7-:a66fdafda41:99550c81- because: org.springframework.dao.InvalidDataAccessResourceUsageException: could not execute query; SQL [select this_.id as id99_1_, this_.ADDITIONALINFO as ADDITION2_99_1_, this_.AUTHCREDS as AUTHCREDS99_1_, this_.clientSessionId as clientSe4_99_1_, this_.CREATEDATE as CREATEDATE99_1_, this_.DELETED as DELETED99_1_, this_.DEVICEID as DEVICEID99_1_, this_.EVENT_NOTIFICATION as EVENT7_99_1_, this_.EXPIRATION as EXPIRATION99_1_, this_.inUse as inUse99_1_, this_.lastModifiedDate as lastMod10_99_1_, this_.mockChallengeFailures as mockCha11_99_1_, this_.POLICY_ACTION_OUTCOME as POLICY12_99_1_, this_.REQUIREDCREDS as REQUIRE13_99_1_, this_.sessionId as sessionId99_1_, this_.sessionOwner as session15_99_1_, this_.UPDATE_CRE as UPDATE16_99_1_, this_.USERID as USERID99_1_, transactio2_.SESSIONID as SESSIONID99_3_, transactio2_.id as id3_, transactio2_.id as id100_0_, transactio2_.CREATEDATE as CREATEDATE100_0_, transactio2_.EXPIRATION as EXPIRATION100_0_, transactio2_.inUse as inUse100_0_, transactio2_.lastModifiedDate as lastModi5_100_0_, transactio2_.transactionId as transact6_100_0_ from RSA_CORE.RSASESSION this_ left outer join RSA_CORE.RSATRANSACTION transactio2_ on this_.id=transactio2_.SESSIONID where (this_.sessionId=?)]; nested exception is org.hibernate.exception.SQLGrammarException: could not execute query>
ResolutionIf RSA Access Manager cannot get a result back from RSA Adaptive Authentication then it is unable to determine how to display a challenge page to the user.  The null result map indicates that AA was contacted, but refused to return a result when asked for a list of challenge questions to present to the user.  Without this information RSA Access Manager cannot display the challenge page. 
Ensure that RSA Adaptive Authentication is working correctly.  If the AA server shows a SQL error, identify what tables and rows are missing from the AA database and add them in.