This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Error Facts are not available when trying to authenticate using the RSA Authentication Agent 2.0 for AD FS

Article Number

000036984

Applies To

RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Agent for AD FS
RSA Version/Condition:  2.0
 

Issue

This article explains how to overcome the following error seen with the RSA Authentication Agent 2.0 for AD FS when using the agent for two factor authentication.

Facts are not available

The log snipped below is from the rsa_adfs.log, located by default in C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\logs:
2019-03-13 16:02:44,117 [20] INFO AuthSessionAdapter - TryEndAuthentication() called for User: Administrator
2019-03-13 16:02:44,117 [20] DEBUG AuthnRequestData - Constructing AuthnRequestData for user: Administrator
2019-03-13 16:02:44,133 [20] DEBUG AuthnRequestService - Entering AuthnRequestService::Authenticate()
2019-03-13 16:02:44,133 [20] DEBUG AuthnRequestService - Entering AuthnRequestService::processRequest()
2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Creating AuthN sessionData from Initialize response.
2019-03-13 16:02:44,133 [20] INFO AuthnRequestService - Facts are not available
2019-03-13 16:02:44,133 [20] INFO AuthnAdapter - Authentication step completed.

Cause

The error occurs when the  name of the authentication agent in the Authentication Manager Security Console (Access > Authentication Agents > Manage Existing) does not match to the name of authentication agent created in the AD FS configuration page.

Resolution

To resolve the issue,
  1. In the Security Console, navigate to Access > Authentication Agents > Manage Existing.
  2. Select the Restricted or Unrestricted tab, depending on whether the agent with the issue is restricted or unrestricted.
  3. Take note of the agent name as shown below:
Image descriptionImage description
  1. Go to the AD FS server where the AD FS agent is installed.
  2. Browse to C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\scripts.
  3. Right click on the MFAAuthProviderConfigSettings file and select Run with PowerShell to open the RSA Agent for AD FS Configuration Utility.
Image descriptionImage description
  1. Wait for the script to run and open the PowerShell command prompt and select Y when prompted to continue, as shown:
Image descriptionImage description
  1. To view the current settings of the AD FS agent, select 1] View Current Settings from the displayed list:
Image descriptionImage description
  1. The agent name here and the agent name shown in step 3 must be identical.   Either:
    1. Edit the agent name in the Security Console (Access > Authentication Agents > Manage Existing by clicking on the context arrow next to the agent name and choosing Edit, making changes and clicking Save when done.
    2. Edit the agent name within PowerShell by entering 2]  to edit settings.
  2. Test authentication. 
  3. Correcting the naming should now resolve the error.



 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 03:35 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.