Setting New Pin when using RADIUS in a LoadBalancer environment usually fails
Originally Published: 2022-06-21
Article Number
000067919
Applies To
AM 8.6
Issue
Setting New Pin when using RADIUS in a LoadBalancer environment usually fails
Cause
Setting a new PIN via the SSC works fine.
Setting a PIN for a token mostly fails only when the RADIUS protocol is used in a load balancer environment.

 
Workaround
In an example of a failure, the Client and Agent IPs are different in the two transactions showing "New Pin Required" and "Principal Authentication".
When a New PIN is required, an Access-Challenge response is received from the RSA AM. This response contains the State attribute.
The customer can be advised to create a rule that makes the connection persistent whenever a response from the AM contains the State attribute. The entire transaction/session should be forced to go through only the first node, where the traffic originated, until an Access-Accept or an Access-Reject is received from the AM server.
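The persistence rule described above, sketched in Python as an added example (not RSA's or any load balancer vendor's code): it reads the RADIUS State attribute (type 24, RFC 2865) and keeps an exchange on the node that issued the Access-Challenge until an Access-Accept or Access-Reject arrives. The `StatePersistence` class, the node names and the sample packets are constructed for illustration.

```python
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE, ATTR_STATE = 1, 2, 3, 11, 24

def build_packet(code, ident, attrs=()):
    """Constructed sample packet: zeroed authenticator, (type, value) attrs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return bytes([code, ident]) + (20 + len(body)).to_bytes(2, "big") + bytes(16) + body

def parse(packet):
    """Return (code, State value or None) from a raw RADIUS packet."""
    length = int.from_bytes(packet[2:4], "big")   # header Length field
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    pos, state = 20, None
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if packet[pos] == ATTR_STATE:
            state = packet[pos + 2:pos + alen]
        pos += alen
    return packet[0], state

class StatePersistence:
    """Pins a challenge exchange to the AM node that issued the State."""
    def __init__(self, nodes):
        self.nodes, self.pinned, self.rr = nodes, {}, 0

    def route_request(self, request):
        node = self.pinned.get(parse(request)[1])
        if node is None:                      # no pin: plain round robin
            node, self.rr = self.nodes[self.rr % len(self.nodes)], self.rr + 1
        return node

    def observe_response(self, request, response, node):
        self.pinned.pop(parse(request)[1], None)   # State in request is consumed
        code, state = parse(response)
        if code == ACCESS_CHALLENGE and state is not None:
            self.pinned[state] = node         # persist until Accept/Reject
        return code in (ACCESS_ACCEPT, ACCESS_REJECT)  # True: exchange over

def demo():
    """New PIN exchange with constructed packets; node names are hypothetical."""
    lb = StatePersistence(["am-node-1", "am-node-2"])
    req1 = build_packet(ACCESS_REQUEST, 1)
    req2 = build_packet(ACCESS_REQUEST, 2, [(ATTR_STATE, b"S1")])  # echoes State
    first = lb.route_request(req1)
    lb.observe_response(req1, build_packet(ACCESS_CHALLENGE, 1, [(ATTR_STATE, b"S1")]), first)
    second = lb.route_request(req2)           # pinned, so not sent to am-node-2
    done = lb.observe_response(req2, build_packet(ACCESS_ACCEPT, 2), second)
    return first, second, done
```

Without the pin, plain round robin would send the second request to `am-node-2`, which is the split the failing transactions show.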