000016067 - AxM / AA - Would like AxM to handle use cases where number of enrollment questions changes

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000016067
Applies To: RSA Access Manager 6.1.3
RSA AA on-premise 6.0.2.1 SP2 / SP3
RSA Access Manager Agent 4.9 SP1 or SP2
Issue: AxM / AA - Would like AxM to handle use cases where number of enrollment questions changes
If the user has already enrolled in AA and the number of enrollment questions is changed in the AxM server, the user can still authenticate but is not able to edit their enrollment answers.
The user will see an enrollment screen with the number of questions they are already enrolled with. There is no additional field for entering a new question answer (i.e. if the user was enrolled with 3 answers, they will see 3 fields even if the current setting is for 4 question/answer sets).
If the user tries to update their enrollment it will fail because the wrong number of answers is submitted (3 instead of 4).
The customer would like users to be able to update their enrollment in this case without an administrator first deleting the user enrollment from AA.
Resolution: Contact RSA Support and request the hot fix for Access Manager server 6.1.3.19.
Notes:
Assumption
All the test cases assume that the user is already enrolled in AA and that the organization later modifies the count of enrollment questions or Sign-In (Challenge) questions in the AA Adapter.
Test Case 1
Enrollment Question count increased
Challenge Question count increased
a) Challenge Question count <= Enrollment Question Count
Result: User is asked to re-enroll into AA system with new count of enrollment questions.
b) Challenge Question count > Enrollment Question Count
Result: Restarting the Authorization Server produces the following warning on the AServer console, and AA is disabled for the above set of conditions:
WARNING: Invalid value "<count>" set for parameter cleartrust.adaptive_auth.signin.questions.count. Authorization Server has disabled RSA Adaptive Authentication.
Test Case 2
Enrollment Question count decreased
Challenge Question count decreased
a) Challenge Question count <= Enrollment Question Count
Result: User is asked to re-enroll into AA system with new count of enrollment questions.
b) Challenge Question count > Enrollment Question Count
Result: Restarting the Authorization Server produces the following warning on the AServer console, and AA is disabled for the above set of conditions:
WARNING: Invalid value "<count>" set for parameter cleartrust.adaptive_auth.signin.questions.count. Authorization Server has disabled RSA Adaptive Authentication.
Test Case 3
Enrollment Question count increased or decreased
Challenge Question count constant
Challenge Question count <= Enrollment Question Count
Result: User is asked to re-enroll into AA system with new count of enrollment questions.
Test Case 4
Enrollment Question count constant
Challenge Question count increased or decreased
Challenge Question count <= Enrollment Question Count
Result: User is challenged with the modified set of sign-in questions.
Test Case 5
Enrollment Question count increased
Challenge Question count decreased
Challenge Question count <= Enrollment Question Count
Result: User is asked to re-enroll into AA system with new count of enrollment questions.
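A pre-restart check built from Test Cases 1 to 5 above, as an added example that is not part of the RSA article or of Access Manager: it compares the old and new question counts and predicts which result applies. The enrollment parameter name `example.enrollment.questions.count` is a hypothetical placeholder (the article names only the sign-in parameter), the file is assumed to use Java-properties syntax, and any sign-in count above the enrollment count is treated as the disabling condition of cases 1b and 2b.

```python
import re

SIGNIN_KEY = "cleartrust.adaptive_auth.signin.questions.count"  # named in the article
# Hypothetical placeholder: the article does not name the enrollment-count parameter.
ENROLL_KEY = "example.enrollment.questions.count"
_LINE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")  # key=value or key: value

# Constructed sample configurations, not taken from a real Access Manager file.
OLD = "# before change\nexample.enrollment.questions.count=3\n" + SIGNIN_KEY + "=2\n"
NEW = "# after change\nexample.enrollment.questions.count=4\n" + SIGNIN_KEY + "=2\n"


def read_counts(text, enroll_key=ENROLL_KEY):
    """Return (enrollment_count, signin_count) from properties-style text."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#", "!")):  # properties comment lines
            continue
        match = _LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    try:
        return int(props[enroll_key]), int(props[SIGNIN_KEY])
    except (KeyError, ValueError) as exc:
        raise ValueError(f"missing or non-numeric question count: {exc}") from exc


def predict(old_text, new_text, enroll_key=ENROLL_KEY):
    """Predict the result of restarting with new_text, per the test cases above."""
    old_enroll, old_signin = read_counts(old_text, enroll_key)
    new_enroll, new_signin = read_counts(new_text, enroll_key)
    if new_signin > new_enroll:
        return "AA_DISABLED"         # cases 1b and 2b: warning logged, AA disabled
    if new_enroll != old_enroll:
        return "RE_ENROLL"           # cases 1a, 2a, 3, 5: user must re-enroll
    if new_signin != old_signin:
        return "MODIFIED_CHALLENGE"  # case 4: modified set of sign-in questions
    return "NO_CHANGE"


if __name__ == "__main__":
    print(predict(OLD, NEW))
```

Running the check against the planned configuration before restarting the Authorization Server shows whether the change would leave Adaptive Authentication disabled.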
Legacy Article ID: a56426