Running IBM MFA bulk provisioning utility to register users for certificate authentication (AZFCERT1 factor). There are two generated shell scripts (azfprov1.sh and azfprov2.sh). The azfprov2.sh shell script runs the azfcert1_provision utility to register the user's certificate. Contents of the azfprov2.sh script below. This example is supposed to register gepiv.cer certificate to user id 815669.
azfcert1_provision 815669 /home/\$0789/gepiv.cer COMMIT
The azfprov2.sh shell script receives the following output with an error. There are no TSS audit or USS violations related to this error.
$ sh azfprov2.sh
Existing AZFCERT1 factor data for user 815669:
REGSTATE: OPEN
SUBJECT:
ISSUER:
SERIAL:
CERTHASH:
Pending AZFCERT1 tag data for user 815669:
REGSTATE: APPROVED
SUBJECT: CN=xxxxx,C=US,O=U.S. Government,OU=XXXXX
ISSUER: C=US,O=U.S. Government,OU=XXXXX
SERIAL: 5CC5FABC
CERTHASH: A563B78DFBE903761EKBECBD7BE680694EC972E
20220329115454.490140 AZFCERT1:Error setting AZFCERT1 factor data (sts=0,safrc=
,racfrc=8,racfrsn=0x4)
Error: Failed to commit AZFCERT1 tags (sts=0,safrc=8,racfrc=8,racfrsn=0x4).
***Execution of the Provisioning Shell Script fails with a S047 Abend.
Release : 16.0
Component : Advanced Authentication Mainframe
Please contact support for test fix LT05572.
The SO47 abend is the culprit and it is fixed by the above fix.