search cancel

MFA azfcert1_provision utility fails with saf error and S047 Abend

book

Article ID: 241185

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Running IBM MFA bulk provisioning utility to register users for certificate authentication (AZFCERT1 factor).  There are two generated shell scripts (azfprov1.sh and azfprov2.sh).  The azfprov2.sh shell script runs the azfcert1_provision utility to register the user's certificate.  Contents of the azfprov2.sh script below.  This example is supposed to register gepiv.cer certificate to user id 815669.

azfcert1_provision 815669 /home/\$0789/gepiv.cer COMMIT  

The azfprov2.sh shell script  receives the following output with an error.  There are no TSS audit or USS violations related to this error.

$ sh azfprov2.sh                                                              

Existing AZFCERT1 factor data for user 815669:                                

  REGSTATE: OPEN                                                              

  SUBJECT:                                                                    

  ISSUER:                                                                      

  SERIAL:                                                                     

  CERTHASH:                                                                   

Pending AZFCERT1 tag data for user 815669:                                     

  REGSTATE: APPROVED                                                          

  SUBJECT:  CN=xxxxx,C=US,O=U.S. Government,OU=XXXXX                   

  ISSUER:   C=US,O=U.S. Government,OU=XXXXX                                    

  SERIAL:   5CC5FABC                                                         

  CERTHASH: A563B78DFBE903761EKBECBD7BE680694EC972E                          

20220329115454.490140 AZFCERT1:Error setting AZFCERT1 factor data (sts=0,safrc=

,racfrc=8,racfrsn=0x4)                                                         

Error: Failed to commit AZFCERT1 tags (sts=0,safrc=8,racfrc=8,racfrsn=0x4).   

***Execution of the Provisioning Shell Script fails with a S047 Abend.
 

Environment

Release : 16.0

Component : Advanced Authentication Mainframe

Resolution

Please contact support for test fix LT05572.

The SO47 abend is the culprit and it is fixed by the above fix.