SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
Article Number
000034392
Applies To
RSA Product Set: SecurID Access
Issue
Automatic IWA has been configured per Enable Automatic Integrated Windows Authentication but users are still presented with the portal login page where they need to either enter their credentials or click on the IWA icon.
The /var/log/symplified/symplified.log contains messages like:
The /var/log/symplified/symplified.log contains messages like:
2016-11-14/16:22:29.839/UTC [ajp-apr-8009-exec-4] ERROR com.symplified.service.appliance.sp.SPService[461] - IP restrictions likely misconfigured for idp RSA SecurID Access IWA Connector
2016-11-14/16:22:29.840/UTC [ajp-apr-8009-exec-4] INFO com.symplified.service.appliance.sp.SPService[100] - Pre-authentication policy evaluated to false,
not initiating authentication with idp RSA SecurID Access IWA Connector
Cause
Configuring the IWA Identity Provider with Authentication Source Rules/IP Range using Classless Inter-Domain Routing (CIDR) notation, as below, will cause this issue.
Image description
Image descriptionResolution
Use IP:NETMASK rather than CIDR notation to define the IP address range value. For example, rather than 192.168.20.0/24, use 192.168.20.0:255.255.255.0.
As always, be sure to re-publish after making this change.
As always, be sure to re-publish after making this change.
In this article
