TPX PassTicket validation fails for application session initiation when IBM MFA / CA AAM is activated.
Checking for PassTicket use in the SEVPOST exit doesn't always work.
CA AAM users with the RADIUS_RSA factor can't use PassTickets.
Release: 5.4, 16.0, 2.0
Component: CA TPX for z/OS, CA ACF2 for z/OS, CA AAM for z/OS
When the user is an IBM MFA user with an active factor, the SXPPSTKT flag is not set in the SEVPOST exit parameter list, even though a PassTicket is successfully used for signon.
To circumvent the problem, change the RADIUS_RSA factor to NOACTIVE for the user, or stop the CA AAM started task and give the user's Logonid FALLBACK.
To fix the problem, apply ACF2 PTF LU01453 (PASSTICKET ISSUES WITH IBM MFA AND CA AAM).