|Applies To||Adaptive Authentication(On-Prem) v7.x(ALL)|
|Issue||When there is an issue with the backend database, the policy refresh thread responsible for synchronizing AdaptiveAuthentication policies/rules in the database may get killed. Any changes made to a policy/rule will not take effect and are ignored by the AdaptiveAuthentication application. For example, a user has been added to a blacklist/whitelist etc. account, but the user is not being denied/allowed by the Online Banking (OLB) application.|
When multiple AdaptiveAuthentication server instances are deployed (clustered environment), this issue can cause rule inconsistencies, as rules may be triggered differently between application servers.
|Resolution||In an ideal scenario this is not a bug. If there is a database issue, the AdaptiveAuthentication application server should also be restarted to resolve the database connection issue.|
For 7.1 SP0 P2, HF110 addresses the issue with policy refresh. Please contact RSA Customer Support to obtain the hot fix for your AdaptiveAuthentication (On-Prem) version.
|Workaround||The AdaptiveAuthentication application server should be restarted to resolve the database connection issue.|
|Notes||How to know whether your AdaptiveAuthentication application is affected by the issue?|
1. Add a user/account etc. to the blacklist/whitelist account and test whether the user is still allowed/rejected when performing a transaction.
2. Capture a Java thread dump and review whether the PolicyEngineOnlineUpdater thread exists. If the policy refresh thread does not exist, the thread has died and any changes to policies/rules will not take effect. For example, the following is excerpted from a Tomcat (Java) thread dump. The thread is sleeping and should be able to sync policies/rules once awakened.
"pool-5-thread-3" prio=10 tid=0x00002af0ad838000 nid=0x2fbf waiting on condition [0x00002af0b260c000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
at java.lang.Thread.sleep(Native Method)
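The check in step 2, automated as an added example (not RSA's code): it parses a HotSpot-style thread dump and lists the threads whose name or stack frames mention PolicyEngineOnlineUpdater. The sample dumps are constructed, and the `com.example.aa` frame package is a placeholder, since the excerpt above does not show the real class path.

```python
import re

MARKER = "PolicyEngineOnlineUpdater"  # thread the article says to look for
HEADER = re.compile(r'^"(?P<name>[^"]+)".*\btid=0x[0-9a-fA-F]+')
STATE = re.compile(r"java\.lang\.Thread\.State:\s+(\S+)")

# Constructed sample dump; the "com.example.aa" package is a placeholder.
HEALTHY = '''\
"pool-5-thread-3" prio=10 tid=0x00002af0ad838000 nid=0x2fbf waiting on condition [0x00002af0b260c000]
   java.lang.Thread.State: TIMED_WAITING (sleeping)
        at java.lang.Thread.sleep(Native Method)
        at com.example.aa.PolicyEngineOnlineUpdater.run(PolicyEngineOnlineUpdater.java)

"http-8080-1" daemon prio=10 tid=0x00002af0ad900000 nid=0x2fc1 runnable [0x00002af0b270d000]
   java.lang.Thread.State: RUNNABLE
        at java.net.SocketInputStream.socketRead0(Native Method)
'''
DEAD = HEALTHY.split("\n\n", 1)[1]  # same dump, policy refresh thread gone

def parse_threads(dump):
    """Split a thread dump into {name, state, frames} records."""
    threads, cur = [], None
    for line in dump.splitlines():
        s = line.strip()
        m = HEADER.match(s)
        if m:  # a quoted name plus tid= starts a new thread entry
            cur = {"name": m.group("name"), "state": None, "frames": []}
            threads.append(cur)
        elif cur is not None:
            st = STATE.search(s)
            if st:
                cur["state"] = st.group(1)
            elif s.startswith("at "):
                cur["frames"].append(s[3:])
    return threads

def find_policy_refresh(dump, marker=MARKER):
    """Return threads whose name or any stack frame mentions the marker."""
    return [t for t in parse_threads(dump)
            if marker in t["name"] or any(marker in f for f in t["frames"])]

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else HEALTHY
    hits = find_policy_refresh(text)
    for t in hits:
        print(f'{t["name"]}: {t["state"]}')
    sys.exit(0 if hits else 1)  # exit 1: no policy refresh thread found
```

Run against a saved dump file, exit status 1 means no matching thread was found, which per step 2 indicates the policy refresh thread has died.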