IBM MFA factor AZFRADP1 logon prompt displayed incorrectly in ACF2
search cancel

IBM MFA factor AZFRADP1 logon prompt displayed incorrectly in ACF2

book

Article ID: 221097

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

TSO logon using IBM MFA factor AZFRADP1 gives an option 1 for EMAIL and 2 for SMS to continue from ACF01064 message: 

ACF82000  ACF2, LOGON IN PROGRESS                                             
ACF01064 SELECT AN OPTION TO CONTINUE: 1 - EMAIL, 2 - SMS. ENTER '0' TO ABORT.
ACF82006  ACF2, ENTER PASSWORD OR PASSWORD PHRASE -                          

After receiving the PIN in EMAIL or SMS, ACF2 does not prompt for an option to enter the pin and session is terminated with ACF82904 message:

ACF82000  ACF2, LOGON IN PROGRESS                                     
ACF01064 ENTER THE CODE FOR EMAIL AUTHENTICATION. ENTER '0' TO ABORT. 
ACF82904  ACF2, SESSION TERMINATED.    

AZF#IN00 log shows STCMAIN:PC return code=0x8, reason code=0x4, abend code=0x0

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

MAXTRY and PASSLMT settings in the GSO PSWD record should be increased to a value of 3 or more depending on how the RADIUS server is configured. 


If TSO logon results in ACF82904  ACF2, SESSION TERMINATED before a successful signon can be completed, increase the MAXTRY and PASSLMT settings as shown below:

ACF
SET C(GSO)
CHANGE PSWD MAXTRY(3)
F ACF2,REFRESH(PSWD)

ACF
SET C(GSO)
CHANGE PSWD PASSLMT(3)
F ACF2,REFRESH(PSWD)

Powered by Wolken Software