SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
Article Number
000038835
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 2.0
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 2.0
Issue
This article explains how to resolve the following error with the RSA Authentication Agent 2.0 for AD FS when using the agent for two factor authentication.
Users are experiencing sporadic authentication issues with RSA Authentication Agent 2.0 for AD FS. They see the following error in the UI:
Image description
Clearing browser cache and reloading the browser causes the AD FS server to present the RSA passcode input box as expected.
The log snippet below (by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs/rsa_adfs.log) has the following errors:
Also,
Users are experiencing sporadic authentication issues with RSA Authentication Agent 2.0 for AD FS. They see the following error in the UI:
Image descriptionClearing browser cache and reloading the browser causes the AD FS server to present the RSA passcode input box as expected.
The log snippet below (by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs/rsa_adfs.log) has the following errors:
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Claim Type = http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Username obtained from AD FS: DOMAIN\bharath
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h, User = bharath, lcid = 2355
2020-05-03 04:33:40,856 [29] INFO AuthSessionAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextId = 7r8h668d-78vf-645c-r788-rt09ddb6345h, authState = NotAuthenticated
2020-05-03 04:33:40,856 [29] INFO AuthSessionAdapter - BeginAuthentication() called for User: jdoe
2020-05-03 04:34:27,012 [29] INFO AuthnAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h
2020-05-03 04:34:27,012 [29] INFO AuthSessionAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h, AuthState = CALL_INITIALIZE
2020-05-03 04:34:27,012 [29] INFO AuthSessionAdapter - TryEndAuthentication() called for User: jdoe
2020-05-03 04:34:27,012 [29] ERROR AuthnContextValidator - Invalid authentication context
2020-05-03 04:34:27,012 [29] INFO AuthnAdapter - Authentication step completed.
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Username obtained from AD FS: DOMAIN\bharath
2020-05-03 04:33:40,856 [29] INFO AuthnAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h, User = bharath, lcid = 2355
2020-05-03 04:33:40,856 [29] INFO AuthSessionAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextId = 7r8h668d-78vf-645c-r788-rt09ddb6345h, authState = NotAuthenticated
2020-05-03 04:33:40,856 [29] INFO AuthSessionAdapter - BeginAuthentication() called for User: jdoe
2020-05-03 04:34:27,012 [29] INFO AuthnAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h
2020-05-03 04:34:27,012 [29] INFO AuthSessionAdapter - Initial state: ActivityId = 9c49r5nm-3449-9qlt-55b3-0077710990j5, ContextID = 7r8h668d-78vf-645c-r788-rt09ddb6345h, AuthState = CALL_INITIALIZE
2020-05-03 04:34:27,012 [29] INFO AuthSessionAdapter - TryEndAuthentication() called for User: jdoe
2020-05-03 04:34:27,012 [29] ERROR AuthnContextValidator - Invalid authentication context
2020-05-03 04:34:27,012 [29] INFO AuthnAdapter - Authentication step completed.
Also,
cfd1eb07-44ce-40fe-903f-9e6b02b8b0a9, User = bharath, AuthState = FACTS_COLLECTION
2020-05-03 09:54:33,553 [4] ERROR AuthnContextValidator - Invalid authentication context. CookieName = MSISAuth. -1696625532 does not match -80227276
2020-05-03 09:54:33,553 [4] INFO AuthnAdapter - TryEndAuthentication: Authentication step completed.
2020-05-03 09:54:33,553 [4] ERROR AuthnContextValidator - Invalid authentication context. CookieName = MSISAuth. -1696625532 does not match -80227276
2020-05-03 09:54:33,553 [4] INFO AuthnAdapter - TryEndAuthentication: Authentication step completed.
Cause
The errors that are shown above are due to one or more load balancers in the AD FS farm. Enabling persistence when using one or more load balancers helps prevent the authentication issue to AD FS.
Using session cookies allows you to activate session stickiness with a single mouse.
Using session cookies allows you to activate session stickiness with a single mouse.
Resolution
Enabling persistence on the load balancers, as shown, sets a dedicated session cookie in a user's browser. This ensures that a dedicated server handles the request.
Image description
Image descriptionIn this article
