Configure no secondary Auth for a Risk Advise

Article ID: 188297

Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)
CA Strong Authentication
CA Rapid App Security
CA Risk Authentication
CA Advanced Authentication

Issue/Introduction

There seems to be an issue with RiskMinder when all the Rules are set to Allow.

It seems that RiskMinder (RM) still tries to fetch the email address of the user, and if the email address is blank it fails with the error below.

2020-03-12 12:33:01,546 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> User available in WebFort. Checking for the primary authentication Credential for user (user,org)=(AA,SSO) |20200312123300.853.c2a4f7f8

2020-03-12 12:33:01,547 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> Checking for the configured secondary authentication for user (user,org)=(AA,SSO) |20200312123300.853.c2a4f7f8

2020-03-12 12:33:01,547 [http-nio-8080-exec-5] INFO  integrations.frontend.LifeCycleStateData(729) [] -> Email address not available for user AA. Requires migration |20200312123300.853.c2a4f7f8

2020-03-12 12:33:14,192 [http-nio-8080-exec-1] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> Invoking: com.arcot.integrations.frontend.tasks.FormatResultForSiteMinderTask |20200312123300.853.c2a4f7f8

2020-03-12 12:33:14,192 [http-nio-8080-exec-1] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> ArcotAFM exception enroll.EMAIL_ADDRESS_ABSENT while determining if user requires migration: Your email address is not present in our records. For enrollment the email address is mandatory. To update your email address please contact customer care. |20200312123300.853.c2a4f7f8

2020-03-12 12:33:14,193 [http-nio-8080-exec-1] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> Invoking: com.arcot.integrations.frontend.tasks.UpdateTokenServerTask |20200312123300.853.c2a4f7f8

2020-03-12 12:33:14,193 [http-nio-8080-exec-1] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> Updating Token with {ArcotAuthUILandingURL=http://host:8080/arcotafm/master.jsp?profile=otpemail,AuthErrMsg=ArcotAFM exception enroll.EMAIL_ADDRESS_ABSENT while determining if user requires migration: Your email address is not present in our records. For enrollment the email address is mandatory. To update your email address please contact customer care.,LogMsgFromFrontEnd=ArcotAFM exception enroll.EMAIL_ADDRESS_ABSENT while determining if user requires migration: Your email address is not present in our records. For enrollment the email address is mandatory. To update your email address please contact customer care.,ShimPostEval=NoPostEval,AuthReturnReason=35,NextShimAction=Failure,AuthUserMsg=Your email address is not present in our records. For enrollment the email address is mandatory. To update your email address please contact customer care.,} |20200312123300.853.c2a4f7f8

Environment

Release : 9.1

Component : RiskMinder(Arcot RiskFort)

Resolution

Follow the steps below so that no secondary authentication mechanism is used after a Step Up Risk Advice.

1) Change the configuration in the properties file for the specific AFM profile.
File: arcotafm.properties
Key: <Profile name>.SecondaryAuthMechanism=QNA
The default value is QNA. Remove it so that the parameter is empty, as below:
  <Profile name>.SecondaryAuthMechanism=
Note: Any Wizard change will overwrite this parameter, so make sure the empty value is retained.

This change requires a restart of the application server that hosts the AFM application.
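
Because a Wizard change silently restores the value, it helps to be able to read, blank and re-check the key for one profile. The script below is an added example, not vendor tooling or part of the original article. It assumes the `<Profile name>.SecondaryAuthMechanism=<value>` line format shown above; the profile name "otpemail" is taken from the log excerpt, and "demo" and the temporary file are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not vendor tooling). Assumes the key format shown on this page:
#   <Profile name>.SecondaryAuthMechanism=<value>

# Print the profile's current value; return 1 if the key is absent.
# Usage: get_secondary_auth <properties file> <profile name>
get_secondary_auth() {
    awk -v key="$2.SecondaryAuthMechanism" '
        { line = $0; sub(/^[ \t]+/, "", line); eq = index(line, "=")
          if (eq == 0) next
          k = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", k)
          if (k == key) { v = substr(line, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v); found = 1 } }
        END { if (!found) exit 1; print v }' "$1"
}

# Succeed only when the key is present and empty (the state the article asks for).
secondary_auth_disabled() {
    value=$(get_secondary_auth "$1" "$2") || return 1
    [ -z "$value" ]
}

# Blank the key for one profile, leaving other profiles and comments untouched.
# Keeps a copy of the previous file as <file>.bak; appends the key if it is missing.
clear_secondary_auth() {
    cp -p "$1" "$1.bak" || return 1
    awk -v key="$2.SecondaryAuthMechanism" '
        { line = $0; sub(/^[ \t]+/, "", line); eq = index(line, "=")
          k = (eq > 0) ? substr(line, 1, eq - 1) : ""; sub(/[ \t]+$/, "", k)
          if (k == key) { print key "="; done = 1; next }
          print }
        END { if (!done) print key "=" }' "$1.bak" > "$1"
}

# Demo on a constructed file; run the same functions against arcotafm.properties.
demo_file=$(mktemp)
printf '%s\n' 'otpemail.SecondaryAuthMechanism=QNA' \
              'demo.SecondaryAuthMechanism=QNA' > "$demo_file"
clear_secondary_auth "$demo_file" otpemail
secondary_auth_disabled "$demo_file" otpemail && echo "otpemail: secondary auth disabled"
secondary_auth_disabled "$demo_file" demo || echo "demo: still $(get_secondary_auth "$demo_file" demo)"
rm -f "$demo_file" "$demo_file.bak"
```

Running `secondary_auth_disabled` after every Wizard change shows whether the parameter was overwritten; the application server restart described above is still required after editing the file.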