Article Number
000038991
Applies To
RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 2.0
Issue
The RSA Authentication Agent for AD FS failed to authenticate users on AD FS servers that are using different language localization. The following error is seen:
Please contact your system administrator
The following error is in the event log of the AD FS server:
AD FS/Admin
Id: 364
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
https://<server-name>/identity
Exception details:
Microsoft.IdentityServer.Web.WebConfigurationException: No style sheet is configured in the active theme for default locale [nl-NL/1043].
at Microsoft.IdentityServer.Web.UI.ThemeAuthoringEngine.PrepareTheme()
at Microsoft.IdentityServer.Web.UI.PageBase.get_ThemeAuthoringEngine()
at Microsoft.IdentityServer.Web.Authentication.External.AdapterPresentationManager.get_ResponseCulture()
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Cause
The RSA Authentication Agent for AD FS is trying to display the authentication page with the non-English language that is configured on the AD FS server. It is failing because the localization languages are not set correctly.
Resolution
To resolve this issue,
- Download the RSA Authentication Agent 2.0 Language Pack for AD FS Localized Pages .zip file from RSA Link.
- Add the localized authentication page using the following procedures.
- Sign into the AD FS server where you installed the RSA Authentication Agent for AD FS.
- Copy the contents of the ADFSAgentv2LocalizedPages.zip to C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\lang\, replacing any duplicate files.
- Open a PowerShell command prompt.
- Enter the following to run the Agent for AD FS localization script:
cd 'C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\lang' .\MFAAuthProviderLocalization.ps1
- Enter 1 to add and enable the localized language resource files.
- Enter 3 to exit.
- Restart the AD FS services.
- Sign into the AD FS server where you installed the RSA Authentication Agent for AD FS.
- Open a PowerShell command prompt.
- Enter the following to run the Agent for AD FS Configuration Utility:
cd 'C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\scripts'
.\MFAAuthProviderConfigSettings.ps
- From the menu, enter 3 to select Restart AD FS.
To remove Localized Authentication pages, follow the steps below:
- Sign into the AD FS server where you installed the RSA Authentication Agent for AD FS.
- Open a PowerShell command prompt.
- Enter the following to run the Agent for AD FS localization script:
cd 'C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\lang'
.\MFAAuthProviderLocalization.ps
- Enter 2 to remove localized language resource files.
- Enter 3 to exit.
- Delete the language files from C:\Program Files\RSA\RSA Authentication Agent\AD FS MFA Adapter\lang\.
- Restart the AD FS services, as shown in 2g above.
Workaround
If the required language is listed in the Notes section below, use the following workaround from Microsoft on
AD FS 4.0, Custom MFA Provider, International locales, and style sheet exception to set the region format to US-EN.
Notes
Localized pages are provided for US English and for the following languages:
- French (fr)
- German (de)
- Italian (it)
- Japanese (ja)
- Korean (ko)
- Portuguese (pt)
- Russian (ru)
- Simplified Chinese (zh-Hans)
- Spanish (es)
