Hi everyone,
We are seeing a high number of DEVICE_TOKEN_HEADER_MISMATCH entries in audit logs. Does that mean that the client application that implemented rsa.js is not properly collecting the device information?
There were no changes from the application perspective, but these DEVICE_TOKEN_HEADER_MISMATCH errors have been increasing day by day.
Any idea how to troubleshoot this problem?
Thank you.
Ramji Srinivasan
Hi,
DEVICE_TOKEN_HEADER_MISMATCH happens when the RSA last login token (from the last session_sign for this user from the authenticate API call) is not being sent to AA. As a result, the user is being challenged, and customers are seeing the challenge rate going up.
Basically, you are getting the DEVICE_TOKEN_HEADER_MISMATCH; as a result, AA will do USER_UNBOUND, so the user will be challenged on the next login. DEVICE_TOKEN_HEADER_MISMATCH keeps happening to the users, and users are being challenged.
How to troubleshoot this issue:
Either open a case with RSA AA technical support
Or
you can follow the sequences for past session_signs by the user in aa_server.audit.logs and aa_Server.forensic.logs, which have the device token cookies.
We need to figure out whether the cookie is being sent to AA properly. The last cookie from the last session needs to be saved in the user's browser and sent back to AA in the next login. To identify this further, if you cannot crack this from the code, I need SOAP logs; otherwise, that is basically what is happening.
This is usually an implementation issue with customer application code. You need to review the workflows and ensure the last cookie sent from AuthenticateResponse() from AA is saved and sent back in the next Analyze() call, because the cookies are rotating for every API call.
Hope this helps.
Regards,
Farshad
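
An added example, not part of the original replies and not RSA code: one way to follow the per-user token sequence described above and find the call where the rotating device token was not sent back. The record layout, field names and token values are constructed assumptions; fill them from whatever your audit or SOAP logs actually contain.

```python
from collections import Counter

# Constructed records, one per AA API call in time order. The field names are
# hypothetical: fill them from your own audit/SOAP logs ("sent" = device token
# in the request, "returned" = device token in the response).
CALLS = [
    {"user": "alice", "call": "analyze",      "sent": None, "returned": "T1"},
    {"user": "alice", "call": "authenticate", "sent": "T1", "returned": "T2"},
    {"user": "alice", "call": "analyze",      "sent": "T1", "returned": "T3"},
    {"user": "bob",   "call": "analyze",      "sent": None, "returned": "B1"},
    {"user": "bob",   "call": "analyze",      "sent": "B1", "returned": "B2"},
    {"user": "bob",   "call": "analyze",      "sent": None, "returned": "B3"},
]

def find_token_breaks(calls):
    """Return (index, user, call, kind, expected, sent) for every call whose
    request did not carry the token AA returned on the user's previous call."""
    last_returned = {}   # user -> most recent token AA handed back
    history = {}         # user -> every token AA has handed back so far
    findings = []
    for i, rec in enumerate(calls):
        user, sent = rec["user"], rec["sent"]
        expected = last_returned.get(user)
        if expected is not None and sent != expected:
            if sent is None:
                kind = "missing"   # nothing was sent back at all
            elif sent in history[user]:
                kind = "stale"     # an older token was replayed
            else:
                kind = "unknown"   # token AA never issued to this user
            findings.append((i, user, rec["call"], kind, expected, sent))
        if rec["returned"]:
            last_returned[user] = rec["returned"]
            history.setdefault(user, set()).add(rec["returned"])
    return findings

def summarize(findings):
    """Count breaks per (user, kind) to see which pattern dominates."""
    return Counter((user, kind) for _, user, _, kind, _, _ in findings)

if __name__ == "__main__":
    for f in find_token_breaks(CALLS):
        print(f)
```

A "stale" break on the call right after an authenticate call fits the case described above, where the token from the AuthenticateResponse was not saved; a "missing" break points at the token not being stored or sent at all.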