|Applies To||RSA Product Set: ClearTrust|
RSA Product/Service Type: Access Manager
RSA Version/Condition: 6.2
Platform (Other): null
O/S Version: 2008 Server R2 x64
Product Name: null
Product Description: null
|Issue||Access Manager 6.2 Platforms/Operating Systems RSA Product Installed On: Windows 2008 R2 Summary of Problem:|
A user is repeatedly denied access when logging into an application protected by AxM/AA, a sample error message is listed below:
result_code=121,result_action=Request To AdaptiveAuth Store,result_reason=Failed,aa_status_code=500
|Cause||In this instance the "aa_status_code=500" is a general server error from the Adaptive Authentication application|
More details from the axis.log file indicate that this particular issue was caused by a configuration error in Adaptive Auth (see below)
<< "Reason Code: 1201[\n]"
<< "Description: Session Error [\n]"
<< "pmSession.genericInit failed: java.lang.IllegalArgumentException: Question 'Q4.5' is undefined[\n]"
<< "CAUSE: Question 'Q4.5' is undefined</ns1:reasonDescription><ns1:statusCode>500</ns1:statusCode></ns1:statusHeader></ns1:analyzeReturn></ns1:analyzeResponse>"
After properly configuring the challenge question in several places on the Adaptive Auth server, the issue was resolved
|Resolution||A "500" server error is a general error that the server returns, in this case, the Adaptive Authentication Application server.|
More details are needed to determine the cause of a "500" error.
One way to get more details from the Adaptive Auth connection is from the axis.log in the Access Manager logs directory.
The customer has to make sure the axis.log is configured in the adaptive-auth-onpremise.conf file
Once configured the customer has to reproduce the scenario that causes the "500" error and trouble shoot using the error details in the axis.log file.