Risk Rule Not Triggering When Using Latitude and Longitude Without clientIPAddress
search cancel

Risk Rule Not Triggering When Using Latitude and Longitude Without clientIPAddress

book

Article ID: 436982

calendar_today

Updated On:

Products

CA Strong Authentication CA Advanced Authentication CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort) CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort) CA Risk Authentication

Issue/Introduction

Risk rules are triggered successfully when a valid clientIPAddress is included in the request. However, when only location attributes such as longitude and latitude are passed, the rule does not get triggered.

 

Environment

Symantec Advanced Authentication

Cause

The Risk Authentication server evaluates location-based risk only using the clientIPAddress.

All other location attributes, including longitude and latitude, are optional and ignored during rule evaluation. These fields are intended for use by external risk engines and are not processed by the Risk Authentication server.

Resolution

This behavior is working as designed.

  • Include clientIPAddress in the request to ensure risk rules are evaluated and triggered.
  • Latitude, longitude, and other location attributes will not influence rule evaluation within the Risk Authentication server.
  • If risk evaluation based on these attributes is required, use an external risk engine integration.
Powered by Wolken Software