AuthnContextValidator error when trying to authenticate using RSA Authentication Agent 2.0 for AD FS
Originally Published: 2020-05-06
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 2.0
Issue
Users are experiencing sporadic authentication issues with RSA Authentication Agent 2.0 for AD FS. They see the following error in the UI:
Clearing browser cache and reloading the browser causes the AD FS server to present the RSA passcode input box as expected.
The log snippet below (by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs/rsa_adfs.log) has the following errors:
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Claim Type = http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Username obtained from AD FS: DOMAIN\bharath
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h, User = bharath, lcid = 2355
2020-05-03 04:33:40,856 [29] INFO AuthSessionAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextId = 7r8h668d-78vf-645c-r788-rt09ddb6345h, authState = NotAuthenticated
2020-05-03 04:33:40,856 [29] INFO AuthSessionAdapter - BeginAuthentication() called for User: jdoe
2020-05-03 04:34:27,012 [29] INFO AuthnAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h
2020-05-03 04:34:27,012 [29] INFO AuthSessionAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h, AuthState = CALL_INITIALIZE
2020-05-03 04:34:27,012 [29] INFO AuthSessionAdapter - TryEndAuthentication() called for User: jdoe
2020-05-03 04:34:27,012 [29] ERROR AuthnContextValidator - Invalid authentication context
2020-05-03 04:34:27,012 [29] INFO AuthnAdapter - Authentication step completed.
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Username obtained from AD FS: DOMAIN\bharath
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h, User = bharath, lcid = 2355
2020-05-03 04:33:40,856 [29] INFO AuthSessionAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextId = 7r8h668d-78vf-645c-r788-rt09ddb6345h, authState = NotAuthenticated
2020-05-03 04:33:40,856 [29] INFO AuthSessionAdapter - BeginAuthentication() called for User: jdoe
2020-05-03 04:34:27,012 [29] INFO AuthnAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h
2020-05-03 04:34:27,012 [29] INFO AuthSessionAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h, AuthState = CALL_INITIALIZE
2020-05-03 04:34:27,012 [29] INFO AuthSessionAdapter - TryEndAuthentication() called for User: jdoe
2020-05-03 04:34:27,012 [29] ERROR AuthnContextValidator - Invalid authentication context
2020-05-03 04:34:27,012 [29] INFO AuthnAdapter - Authentication step completed.
Also,
cfd1eb07-44ce-40fe-903f-9e6b02b8b0a9, User = bharath, AuthState = FACTS_COLLECTION
2020-05-03 09:54:33,553 [4] ERROR AuthnContextValidator - Invalid authentication context. CookieName = MSISAuth. -1696625532 does not match -80227276
2020-05-03 09:54:33,553 [4] INFO AuthnAdapter - TryEndAuthentication: Authentication step completed.
2020-05-03 09:54:33,553 [4] ERROR AuthnContextValidator - Invalid authentication context. CookieName = MSISAuth. -1696625532 does not match -80227276
2020-05-03 09:54:33,553 [4] INFO AuthnAdapter - TryEndAuthentication: Authentication step completed.
Cause
Using session cookies allows you to activate session stickiness with a single mouse.
Resolution
