search cancel

IBM MFA receiving "TSS7101E Password is Incorrect" in Top Secret

book

Article ID: 215553

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

After Configuring IBM's Multifactor Authentication (MFA) for IBMRSA the following error message was received during logon:

"TSS7101E Password is Incorrect"

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

MFA IBMRSA is a control option used to globally activate multi-factor authentication.

It has two options for activation:

  1. MFA(IBMRSA(FACILITY))

The ACID needs:

    • A CASECMFA permission:

TSS PERMIT(user) CASECMFA(TSSMFA.IBM.TSO) ACCESS(USE)

    • An MFA segment:  
      TSS ADD(user) MFACTOR(AZFSIDP1) MFADATA(SIDUSERID:rsauserid) MFACTIVE(YES) 

*MFA FACILITY activates the factor and specifies that validation is subject to facility-specific permits for the given user.*

       2. MFA(IBMRSA(YES))

The ACID needs:

    • An MFA segment:  
      TSS ADD(user) MFACTOR(AZFSIDP1) MFADATA(SIDUSERID:rsauserid) MFACTIVE(YES) 

Additional Information

For information regarding MFA reference the link below:

MFA—Activate/Deactivate Multi-Factor Authentication Services

For information regarding IBMRSA reference the link below:

Set Up IBM Multi-Factor Authentication and IBM MFA Web Services Started Tasks