MFA azfcert1_provision utility fails with saf error and S047 Abend
search cancel

MFA azfcert1_provision utility fails with saf error and S047 Abend


Article ID: 241185


Updated On:


Top Secret


Running IBM MFA bulk provisioning utility to register users for certificate authentication (AZFCERT1 factor).  There are two generated shell scripts ( and  The shell script runs the azfcert1_provision utility to register the user's certificate.  Contents of the script below.  This example is supposed to register gepiv.cer certificate to user id 815669.

azfcert1_provision 815669 /home/\$0789/gepiv.cer COMMIT  

The shell script  receives the following output with an error.  There are no TSS audit or USS violations related to this error.

$ sh                                                              

Existing AZFCERT1 factor data for user 815669:                                

  REGSTATE: OPEN                                                              





Pending AZFCERT1 tag data for user 815669:                                     

  REGSTATE: APPROVED                                                          

  SUBJECT:  CN=xxxxx,C=US,O=U.S. Government,OU=XXXXX                   

  ISSUER:   C=US,O=U.S. Government,OU=XXXXX                                    

  SERIAL:   5CC5FABC                                                         

  CERTHASH: A563B78DFBE903761EKBECBD7BE680694EC972E                          

20220329115454.490140 AZFCERT1:Error setting AZFCERT1 factor data (sts=0,safrc=


Error: Failed to commit AZFCERT1 tags (sts=0,safrc=8,racfrc=8,racfrsn=0x4).   

***Execution of the Provisioning Shell Script fails with a S047 Abend.


Release : 16.0

Component : Advanced Authentication Mainframe


Please contact support for test fix LT05572.

The SO47 abend is the culprit and it is fixed by the above fix.