Unable to retrieve Token error during Authentication ?
search cancel

Unable to retrieve Token error during Authentication ?

book

Article ID: 16559

calendar_today

Updated On:

Products

CA Advanced Authentication CA Strong Authentication CA Risk Authentication

Issue/Introduction

This document discusses situations when interaction with a previously created StateManager token fails during Authentication.  That is, a Update Token, Delete Token  or a Read Token request may fail with footprints as below: 

Shim Example - Thu Mar 14 15:43:55.662 2013 ERROR:   pid 23642 tid 53: 0 [706021002]: Error occurred during authentication process. Unable to retrieve Token

AFM Example-  2013-03-15 09:25:41,475 [http-172.24.50.169-8180-5] INFO integrations.frontend.StateData(?)  -> 707071346: Server transaction timeout:Requested token not found: <Token-Value> |

When can Advanced Authentication Token found missing during Authentication ? 

Environment

CA Authminder ( Arcot WebFort)

Resolution

Here are some of the reasons 

1. StateManager cannot be reached from the say Arcot adaptershim (Siteminder Policy Server).  - Network issues need to be diagnosed.

2. StateManager is not up and running.  - Bring up the StateManager

3. Loadbalancer configuration or other intermediate devices between the server requesting the token from the Statemanager  - Check Loadbalancer configuration and if possible try to access the Statemanager removing Loadbalancer. 

4. Check the StateManager logs for errors - for example check if the ARTSTOKEN DB table has been created and no errors called for this table. 

5. Note tokens have life measured with respect to inactivity. Say a user hits a back button to submit a long idle token then Token related errors could be presented. The Token has been idle for a while or expired or cleaned up  - Check the arcotsm.properties setting for life time of the token and token clean up time as shown below: 

# -------------------------------------------------------------------------- 
# TokenCleanupIntervalSeconds controls how frequently the token store will 
# be checked for idle and expired tokens. Optional setting. 
# 
# Note: The actual time that a token may exist is the sum of the maximum 
# settings above and this setting. 
# 
# Defaults to 30 
# -------------------------------------------------------------------------- 


TokenCleanupIntervalSeconds=30 

 

 

 

 

 

Additional Information

None. 

Powered by Wolken Software