This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Single sign-on with RSA SecurID Access is failing intermittently

Article Number

000035216

Applies To

RSA Product Set:  RSA SecurID Access
RSA Product/Service Type: Identity Router

Issue

End users are occasionally unable to login with single sign-on (SSO) to applications.
The error following error is displayed when this occurs:
 
Application appears to be improperly configured. Contact your Administrator for assistance.
 
Retrying the login attempt eventually works.

Cause

During a login session, all messages related to the session must be forwarded by the load balancer to the same identity router (IDR).  IDRs do not share end user session information with other IDRs.   See Load Balancer Requirements for information about session persistence.

Intermittent SSO failures are typically caused when session persistence is not being done by the load balancer.  This could be due to a load balancer configuration problem or some other reason.

Resolution

To resolve this issue,
  1. Check your load balancer configuration to ensure it is set for session persistence, as described in Load Balancer Requirements.  If you have a NetScaler load balancer, see Netscaler Load Balancing Configuration for RSA Via Access IDR Cluster.
  2. Check that your IDRs and the load balancer as well, all have their time synchronized to an NTP server.  Depending on the method used by your load balancer for session persistence, a time of day discrepancy between it and the IDRs could hinder it from recognizing existing sessions. See How to check if NTP is working on your RSA SecurID Access Identity Router.
  3. If session duration is too short, it can also force users to re-authenticate frequently.  Check how to Configure Session and Authentication Method Settings to set Session Duration for User Sessions. 
Tags (69)
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 05:31 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.