Instructions on how to add these three rules in auth2.3.drl and c-config-forensic.xml to further breakdown the reasons of UserDeviceNotBound
1. Add the following function within the <java:functions> tags in the auth2.3.drl file.
public boolean hasDeviceToken(ForensicFactSet forensic)
{
boolean hasCookie = (forensic.getFact(ForensicFacts.DEVICE_COOKIE) != null);
boolean hasFso = (forensic.getFact(ForensicFacts.DEVICE_FSO) != null);
return (hasCookie || hasFso);
}
2. Add the following lines to the auth2.3.drl file above the UserDeviceNotBound rule, ensure that the salience values in the rules below are unique in your drl file.
<rule name="NoDeviceTokenAndJavascriptNotEnabled" no-loop="true" salience="70">
<parameter identifier="risk">
<class>AuthRiskResult</class>
</parameter>
<parameter identifier="forensic">
<class>com.passmarksecurity.forensic.ForensicFactSet</class>
</parameter>
<java:condition>risk.isJavascriptNotEnabled()</java:condition>
<java:condition>!hasDeviceToken(forensic)</java:condition>
<java:condition>risk.isUserDeviceNotBound()</java:condition>
<java:consequence>
ClientFactImpl reasonClientFact = new ClientFactImpl("REASON", "NoDeviceTokenAndJavascriptNotEnabled");
outcome.add(reasonClientFact);
drools.retractObject(risk);
</java:consequence>
</rule>
<rule name="DeviceTokenAndUserDeviceNotBound" no-loop="true" salience="69">
<parameter identifier="risk">
<class>AuthRiskResult</class>
</parameter>
<parameter identifier="forensic">
<class>com.passmarksecurity.forensic.ForensicFactSet</class>
</parameter>
<java:condition>risk.isUserDeviceNotBound()</java:condition>
<java:condition>hasDeviceToken(forensic)</java:condition>
<java:condition>(forensic.getFact(ForensicFacts.DEVICE_CREATED) == null)</java:condition>
<java:consequence>
ClientFactImpl reasonClientFact = new ClientFactImpl("REASON", "DeviceTokenAndUserDeviceNotBound");
outcome.add(reasonClientFact);
drools.retractObject(risk);
</java:consequence>
</rule>
<rule name="DeviceTokenAndDeviceCreated" no-loop="true" salience="68">
<parameter identifier="risk">
<class>AuthRiskResult</class>
</parameter>
<parameter identifier="forensic">
<class>com.passmarksecurity.forensic.ForensicFactSet</class>
</parameter>
<java:condition>hasDeviceToken(forensic)</java:condition>
<java:condition>(forensic.getFact(ForensicFacts.DEVICE_CREATED) != null)</java:condition>
<java:consequence>
ClientFactImpl reasonClientFact = new ClientFactImpl("REASON", "DeviceTokenAndDeviceCreated");
outcome.add(reasonClientFact);
drools.retractObject(risk);
</java:consequence>
</rule>
3. Add the following entries to the policyOutcome bean definition in the c-config-forensic.xml file
<entry key="NoDeviceTokenAndJavascriptNotEnabled">
<value>CHALLENGE</value>
</entry>
<entry key="DeviceTokenAndUserDeviceNotBound">
<value>CHALLENGE</value>
</entry>
<entry key="DeviceTokenAndDeviceCreated">
<value>CHALLENGE</value>
</entry>
Related Articles
Revoked certificate reason code does not display Number of Views Error "Reason: Invalid credential" when attempting to configure RSA Via Access Identity Source Number of Views Error: 'Error executing: INSTALLSERVICE; Reason: Installation of RSA Mobile services were not successful.' while installin… Number of Views Does KCA publish reason codes for revoked certificates? Number of Views User synchronization failure for other reasons in RSA SecurID Access Cloud Administration Console Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA Authentication Manager Upgrade Process Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 201…
