000035137 - Error message "Agent Integration Error" when logging in to RSA Link

Document created by RSA Customer Support Employee on May 8, 2017Last modified by RSA Customer Support Employee on Jul 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000035137
Applies ToRSA Product Set: RSA Link (community.rsa.com)
Platform: Google Chrome, Microsoft Internet Explorer, Mozilla Firefox
IssueOn occasion, RSA Link users will see an “Agent Integration Error” message on their browser after successfully authenticating to RSA Link.
User-added image
 
CauseThe “Agent Integration Error” is at times caused by a JavaScript issue.  If so, it is a problem with the user's browser and not the firewall or network permissions.
The first recommendation is to clear the browser’s cache and cookies, and then trying to log in again. If you are using an IE browser and it doesn’t cooperate, please try Firefox or Chrome.
In most cases, the Agent Integration Error is caused by a problem on the user’s side.  Something in their network (incorrect configuration on a web proxy, etc.) may be interfering with the secure connection.  RSA does not have any visibility into the user’s system and therefore will not be able to pinpoint the cause of the issue.
If the user tries Firefox, they may see a Firefox error “connection not secure”, which can be caused by several things.  While it can be caused by a problem on the RSA Link side (like the error says), this is usually not the case and generally the cause is the same network-related issue as with the IE and Chrome failures.
This can be verified by the user accessing RSA Link (https://community.rsa.com) from a machine outside their company’s network.  If it works then it can be concluded the issue is something within the company’s environment for that user.  They would then need to work with their internal IT department to troubleshoot the issue. 
 

RSA Link Login Process


The steps below describe the login process for RSA Link.
  1. The user enters the URL for the desired website. (e.g. https://community.rsa.com for RSA Link, https://download.rsasecurity.com for RSA Download Central, etc.)
     
  2. If the user hasn't yet logged in, the system redirects them to the RSA Authentication Manager system.  The user is sent to the shared login page.  (https://auth.rsasecurity.com/IMS-AA-IDP/InitialLogonDispatch.do)
     
  3. After the user successfully authenticates, the system redirects them back to the original URL from Step 1 and the user arrives at the desired website.
     
The Agent Integration Error indicates that the 3rd step encountered an issue. The user did log in successfully (credentials were verified) but the redirect to the RSA website has failed.  In every case that has been reported thus far, this failure was caused by a problem on the user’s side.
  • The redirect requires JavaScript to operate correctly.  If the user's browser is preventing the JavaScript functionality from running, this causes the redirect to fail.  Most users have Java enabled by default, so this is not often the culprit.
     
  • Browser cache issues can potentially interfere with the redirect.  This is easily resolved by clearing the cache and cookies.  The keyboard shortcut Ctrl+Shift+Delete (Windows) or Cmd+Shift+Delete (Mac) is used to access the cache options in most browsers.
     
  • The user's network security settings may be interfering.  If they have restricted the RSA URL then this will block the redirect process.  Other issues have also been seen where the user's web proxy has been incorrectly configured -- or at least in a way that prevents the redirect from completing successfully.
     
This last example (network configuration issue) seems to be the most common.  Users can verify it by accessing the RSA Link website from outside their company’s network.  If it works properly from outside then this confirms that the problem is somewhere within their network.
It is important to note that the redirect only occurs on the user's end and therefore no logs are captured by RSA to report the issue.  RSA has no systemic visibility into these failures and is unable to detect when they are experienced by users.
WorkaroundA workaround exists which will allow the user to log in while their IT department troubleshoot the root issue.  This workaround is to log on by using the Need to Token Authenticate? link on the login page.
User-added image
The token authentication process does not use the automatic redirect and therefore the user will not be affected by the "Agent Integration Error" issue.
There are two options for using this token process:
  1. The user can log in with their On-Demand Authentication (ODA) credentials, entering their ODA PIN into the Passcode field.  This will trigger an SMS text message to be sent to the user's mobile phone with a tokencode, which can then be used to complete the authentication and enter the website.  If the user hasn't yet set up On-Demand Authentication (ODA), they can do so in the RSA Self-Service Console.
     
  2. If the user is unable or unwilling to use On-Demand Authentication (ODA) then they can request an RSA SecurID token instead.  RSA would need to manually assign and shop a hardware token to them. Once they receive it, they can follow the standard RSA SecurID authentication process to log in. (i.e. The user will click on the "Need to Token Authenticate?" link mentioned above.)  In this situation, the user must provide their office address for the shipment. (RSA cannot ship to home addresses or post office boxes.)
User-added image

Attachments

    Outcomes