|Applies To||RSA Product Set: RSA SecurID Access|
RSA Product/Service Type: Identity Router
|Issue||End users are unable to login to the RSA SecurID Access SSO Portal or perform SSO login to applications with IWA.|
|Cause||IWA is not accessible or is not responding. This can be investigated by checking the events in the RSA Identity Router (IDR)'s symplified.log file.|
An administrator can view an IDR's /var/log/symplified/symplified.log which can be obtained as described in the article on how to Generate and Download an Identity Router Log Bundle. Be sure to obtain the log bundle and check the symplified.log from all IDRs that are in use in the affected deployment.
Using a text editor, search the symplified.log looking for events logged by the component com.symplified.adapter.idp.saml2.generic.Saml2GenericIdPHandler.
A normal sequence for an IWA authentication, logged by this IDR component to symplified.log, should include the following events in the order shown:
INFO com.symplified.adapter.idp.saml2.generic.Saml2GenericIdPHandler - Posting SAMLRequest to IdP endpoint: https://<IWA URL>
Note that there will be events from other IDR components interleaved between the above events in the symplified.log.
|Resolution||Steps that can be taken to investigate further:|
|Workaround||Until the IWA issue is fixed, end users can enter their user ID and password into the Portal sign on screen, rather than authenticating with IWA.|