Article Number
000037843
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4 Patch 4
Issue
RSA SecurID Authentication Manager is connected to the Cloud Authentication Service.
Attempting to authenticate to an Authentication Manager protected resource using an Authenticate App tokencode results in an authentication failure.
The following error is shown under Security Console > Reporting > Real-time Activity Monitors > System Activity Monitor:
Error: Failed to connect to Identity Router
Cause
This can occur in a scenario where the following three conditions are met:
- Authentication Manager is connected to the Cloud Authentication Service by setting up the configuration under: Security Console > Home > Connect to the Cloud Authentication Service.
- Authentication Manager is also configured to send the Authenticate tokencodes to the Cloud Authentication Service through the identity router(s) under: Operations Console > Deployment Configuration > RSA SecurID Authenticate App.
- Authentication Manager is no longer able to communicate successfully with an identity router, as required by the configuration described in the second condition above. This can be verified by using the Test Connection button on the Operations Console > Deployment Configuration > RSA SecurID Authenticate App page. (If there are any replica Authentication Manager servers in the environment, the connection should also be tested from each replica's Operations Console to verify the connection to the identity router(s) from that particular Authentication Manager instance.)
Resolution
There are two ways to resolve this:
Solution 1: Disable the configuration that allows Authenticate App tokencodes to be sent from Authentication Manager to the Cloud Authentication Service through the identity router(s). To do this, go to Operations Console > Deployment Configuration > RSA SecurID Authenticate App, uncheck the "Allow authentication using Authenticate Tokencodes" option, and save the settings.
With this option disabled, Authentication Manager no longer attempts to send Authenticate tokencodes to the Cloud Authentication Service through the identity router(s); it sends them over its direct connection to the Cloud Authentication Service instead.
Solution 2: Resolve the connection issue between the Authentication Manager server(s) and identity router(s) to allow the Authenticate tokencodes to be sent to the Cloud Authentication Service through the identity router(s).