TPX Passticket validation fails for application session initiation, when IBM MFA / CA AAM is activated.
Checking for PassTicket use in the SEVPOST exit doesn't always work.
CA AAM users with the RADIUS_RSA factor can't use PassTickets.
When the user is an IBM MFA user with an active factor, flag SXPPSTKT is not set in the SEVPOST Exit parameter list even though a PassTicket is successfully used for signon.
Release : 5.4
Component : CA TPX for Z/OS
CA ACF2 for Z/OS
CA AAM for Z/OS
To circumvent change the RADIUS_RSA factor to NOACTIVE for the user or stop the CA AAM started task and give the user's Logonid FALLBACK.
To Fix the problem, apply ACF2 PTF LU01453.