SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
Article Number
000036224
Applies To
RSA Product Set: SecurID Access
Issue
When attempting to access the IDR-hosted application portal with additional authentication required (or an application in the portal that requires additional authentication) the following error occurs:
Image description
The /var/log/symplified/symplified.log includes a message like:
Authentication error
Image descriptionThe /var/log/symplified/symplified.log includes a message like:
2018-04-05/18:50:20.627/UTC [ajp-bio-8009-exec-7] WARN com.symplified.service.appliance.cloudmfa.CloudMFAUtils[37] - Failed strong authentication: AUTHN_ATTEMPT_ID_NOT_FOUND
The User Event Monitor shows an authentication failure with Authentication Details AUTHN_ATTEMPT_ID_NOT_FOUND.Cause
Possible causes are:
- The user is in an associated LDAP identity source but has not been synchronized to the Cloud yet.
- The user has been synchronized to the Cloud but a step-up authentication is required and the user is not registered for any of the allowed step-up authentication options.
- Two users in different identity sources are synchronized to the Cloud with the same user ID. A step-up authentication is required and at least one of the two users is not registered for any of the allowed step-up authentication options.
Resolution
First, use the Cloud Administration Console's User > Management page or run User Reports to check for user status, devices registered to a user, and to check for duplicate user id's. This will allow you to determine which possible cause applies.
Next, take the appropriate step below, depending on the cause of the issue, to ensure the user is correctly sync'd to the Cloud.
Lastly, ensure that the user has the ability to perform the required additional authentication. For example, see RSA SecurID Authenticate Device Registration Overview if approve (push notification) or authenticate tokencodes are allowable authentication methods, or ensure the user's correct telephone is registered for SMS or Voice Token Code authentication.
Next, take the appropriate step below, depending on the cause of the issue, to ensure the user is correctly sync'd to the Cloud.
- The user is in an associated LDAP identity source but has not been synced to the Cloud yet.
Follow the steps in Manually Synchronize an Identity Source for the Cloud Authentication Service to create a record of the user in the SecurID Access cloud service.
- The user has been synced to the Cloud but a step-up authentication is required and the user is not registered for any of the allowed step-up authentication options.
Ensure that the user has a device registered to perform the required additional authentication. For example, see RSA SecurID Authenticate Device Registration Overview if approve (push notification) or authenticate tokencodes are allowable authentication methods.
- Two users in different identity sources are sync'd to the Cloud with the same user id. A step-up authentication is required and at least one of the two users is not registered for any of the allowed step-up authentication options.
Delete the unwanted user from the Cloud Authentication Service, and from the identity source.
Lastly, ensure that the user has the ability to perform the required additional authentication. For example, see RSA SecurID Authenticate Device Registration Overview if approve (push notification) or authenticate tokencodes are allowable authentication methods, or ensure the user's correct telephone is registered for SMS or Voice Token Code authentication.
In this article
