Setting New Pin when using RADIUS in a LoadBalancer environment usually fails
3 years ago
Originally Published: 2022-06-21
Article Number
000067919
Applies To
AM 8.6
Issue
Setting New Pin when using RADIUS in a LoadBalancer environment usually fails
Cause
It is observed that setting a new pin via the SSC works just fine.
But only when setting up a pin for a token mostly fails when using RADIUS protocol in a Load Balancer environment. 

 
Workaround
Below is an example of a failure:
User-added image
As seen the Client and Agent IPs are different in both the transactions showing "New Pin Required" and "Principal Authentication"
When a  New Pin is required, an Access-Challenge response is received from the RSA AM. This response contains the State Attribute.
The customer can be advised to create a rule that whenever there is a response from the AM containing the State Attribute to make the connection persisted. The entire transaction/session should be forced to happen via only the first node, where the traffic originated from until an Access-Accept or an Access-Reject is received from the AM server
User-added image

Related Articles

Trending Articles

Don't see what you're looking for?