Article Number
000039789
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 2.0
Issue
AD FS fails to authenticate against the on-premises RSA Authentication Manager. The logs under the following path,
C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs\rsa_adfs, show the errors below:
2021-06-23 13:53:56,600 [15] ERROR SecuritySettings - ADFSCertificateValidator: Error in Server certificate validation: Certificate Name Mismatch
2021-06-23 13:53:56,613 [15] ERROR ConnectionHandler - DefaultExceptionFactory: Connection failed with a non-HTTP error. status = 0
2021-06-23 13:53:56,634 [15] ERROR ConnectionHandler - DefaultExceptionFactory: Handling a WebException. Status = TrustFailure, Response.ResponseUri =
Cause
While Authentication Manager (AM) is communicating with AD FS to validate the credentials, AD FS is failing to populate the AM certificate.
Resolution
Two solutions proved effective in this scenario:
- If getting a new signed certificate needs time, use the Authentication Manager default certificate (optional), reverting back to the RSA self-signed default certificates.
- Replace the console certificate with a PFX certificate.
Import the new root certificate again on the AD FS server.
For certificate export and import, and for similar server certificate validation errors, refer to the Resolution section of
Server certificate validation error when trying to authenticate using the RSA Authentication Agent 2.0 for AD FS
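To confirm the name mismatch reported in the log, and to check the result after the certificate has been replaced, the certificate that AM presents can be inspected from the AD FS server. The following script is an added example, not RSA code and not part of the original article; the host name am.example.com and port 5555 are placeholders (assumptions) and must be set to the AM name and port the agent is configured to use.

```powershell
# Added diagnostic example (not RSA code). Run on the AD FS server.
param(
    [string]$AmHost = 'am.example.com',  # placeholder: AM name configured in the agent
    [int]$Port = 5555                    # assumption: port the agent uses to reach AM
)

$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($AmHost, $Port)

    # Record the TLS policy errors instead of aborting the handshake, so the
    # presented certificate can be inspected. No application data is sent.
    $script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $errors)
        $script:policyErrors = $errors
        return $true
    }

    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $tcp.GetStream(), $false, $callback
    $ssl.AuthenticateAsClient($AmHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate

    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

    [pscustomobject]@{
        RequestedName  = $AmHost
        Subject        = $cert.Subject
        SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
        Issuer         = $cert.Issuer
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        # RemoteCertificateNameMismatch: the requested name is not in the certificate.
        # RemoteCertificateChainErrors: the issuing root is not trusted on this server.
        PolicyErrors   = $script:policyErrors
    } | Format-List
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

A PolicyErrors value of None means the name and trust chain both validate from this server. RemoteCertificateNameMismatch corresponds to the "Certificate Name Mismatch" log entry, and RemoteCertificateChainErrors indicates that the root certificate still needs to be imported on the AD FS server.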