Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032125 - SOAP challenge request error of reason code 1303 in RSA Adaptive Authentication (OnPrem)

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 1 Like1
Comment • 0
View in full screen mode

Article Content

Article Number	000032125
Applies To	RSA Product Set: Adaptive Authentication (OnPrem) RSA Version/Condition: 7.x
Issue	User is getting a SOAP challenge request error of reason code 1303 in the aa_server log (located in main logs directory on server running AdaptiveAuthentication application, typically /rsa/logs). 2015-11-23 10:28:36,249 WARN [WebContainer : 3] [7d35-:d6b07943151:ebe0494] [TRANSID_UNDEFINED] [com.rsa.csd.impl.RsaSessionImpl] - <No transaction has been created yet.> 2015-11-23 10:28:36,250 ERROR [WebContainer : 3] [] [] [com.rsa.csd.ws.impl.AdaptiveAuthenticationImpl] - <com.rsa.csd.ws.impl.AdaptiveAuthProcessException: Reason Code: 1303 Description: Invalid Transaction Id Error Unable to retrieve transaction object w/ transaction id = f344-:f32bec33151:8c86dbc_TRX> com.rsa.csd.ws.impl.AdaptiveAuthProcessException: Reason Code: 1303 Description: Invalid Transaction Id Error Unable to retrieve transaction object w/ transaction id = f344-:f32bec33151:8c86dbc_TRX at com.rsa.csd.ws.impl.helper.GenericHelper.getTransaction(GenericHelper.java:567)
Cause	This issue occurs when a challenge SOAP request is issued without that challenge type being authorized by the previous analyze request. It often happens when a soap flow is setup that does not check the soap analyze response actionCode is equal to CHALLENGE and verify the requiredCredentialList before issuing an appropriate challenge request. This issue can occur when someone changes the event type to SESSION_SIGNIN when the flow has policy rules set up under a different event type. Therefore, the intended rule never fires. In a test environment, this error often occurs when no policy rules have been setup, so the analyze request will always fire the "FALLBACK RULE". The challenge was then issued without checking the analyze response. The flow is not checking the results of the analyze soap response for actually always expects a challenge and issues one anyway, causing the 1303 error.
Resolution	The issue can be determined by reviewing the policy rules against the users having errors in the aa_server log and checking which rule actually fired in the forensic log. Search for the user in the audit and forensic logs by using a SHA-1 hash of the username. Hitting the "FALLBACK RULE" would indicate that either the appropriate policy rule was never created or not created for the event type used in the analyze request. There could also be an issue with the condition on the policy rule that was expected to fire. Verify the policy rules are setup properly in Back Office so when conditions are met a CHALLENGE will be initiated. Ensure your application code is checking the analyze response before issuing a challenge.

Attachments

Outcomes

0 Comments

Recommended Content