VIP PUSH notification not sent\received on a mobile device.

book

Article ID: 170100

calendar_today

Updated On:

Products

VIP Authentication Service VIP Access for Mobile

Issue/Introduction

PUSH notifications stop sending a mobile device for 60 minutes, then begin sending again. 

VIP logs show: <status>600D</status><statusMessage>Operation not allowed in current state of credential.

The token VIP Access Push status shows as TEMPORARY LOCKED in VIP Manager. 

Cause

The PUSH lockout was designed to prevent PUSH spamming or looping. 
Setting the status from 'Temporarily Locked' to 'Enabled' by a VIP Manager administrator will unlock the PUSH. 

The PUSH lock activates after 5 consecutive failed/unanswered PUSH attempts and remains locked for 60 minutes after the last PUSH attempt. While locked, end-users will be prompted to enter a security code manually. 

If entering security codes manually is disabled in VIP Manager while the PUSH is temporarily locked, logins will fail with the error "Login failed. Please contact your administrator". 

For example, 5 pushes are:
 
Push Denied = fail count 1
Push Denied = fail count 2
Ignored = fail count 3
Ignored = fail count 4
Ignored = fail count 5, push is  temp locked.

 
The fail counter resets back to zero 60 minutes after the last PUSH was sent, or when the user accepts an active PUSH notification while the credential is not temporarily locked. 
 
Presently, there are no API calls to check what increment the counter value. VIP Manager cannot filter for users with temp. locked push credentials since it will automatically unlock. 

Environment

PUSH is enabled in a VIP account under the Policies tab in VIP Manager. VIP Access mobile is installed and the credential is registered to a user in VIP Manager. The credential shows a PUSH enabled.

Resolution

Possible causes:

  • PUSH being sent to a different credential ID (user gets a new device or reinstalls the app)
  • Device not connecting to the internet\wifi\data
  • Notifications disabled or hidden on the device
  • Notifications ignored or denied
  • Network latency
  • Misplaced or lost device
  • Misconfigured validation server and/or NAS or VPN settings, such as improper timeout or retry values.

The device must be able to accept the PUSH notifications (powered on, service available or on WiFi, not in airplane mode, not on silent mode, VIP notifications are not blocked, etc)

Use VIP Manager end-user REPORTS to view PUSH notification history for a user.

Attachments