Cannot use IP subnets with Risk Based authentication without getting errors

  • 7016376
  • 01-Apr-2015
  • 01-Apr-2015


NetIQ Access Manager 4.1


When you configure an IP Address Rule using the IP Subnet condition, rule execution fails even though the IP subnet is valid. The IP subnet address check fails when it should succeed, so the expected risk score is not added. The catalina log at the time of the error shows the following exception:

<amLogEntry> 2015-04-01T09:19:17Z DEBUG NIDS Application:
Method: RiskBasedAuthenticationClass.doAuthenticate
Thread: http-nio-
************** Enable History = null </amLogEntry>

<amLogEntry> 2015-04-01T09:19:17Z INFO NIDS Application: AM#500199030: AMDEVICEID#5E95A6B3500FB5F1 - (getDefaultRole) - Role: 'authenticated' is returned for id: 12345678 </amLogEntry>

<amLogEntry> 2015-04-01T09:19:17Z SEVERE NIDS Application: Exception message: "Invalid argument"


This is a known issue. The workaround is to use the IP address range option instead of the IP subnet option for the IP address check, e.g. IP subnet would become IP range -
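
The subnet-to-range conversion this workaround calls for, as an added example (not NetIQ code and not part of the original article). It assumes the range condition takes an inclusive first and last address; the function names are hypothetical and the sample subnets are constructed.

```python
import ipaddress

def subnet_to_range(subnet):
    """Return (first, last) address strings covered by a subnet.

    Accepts CIDR ("192.0.2.0/24"), dotted netmask ("192.0.2.0/255.255.255.0")
    and entries written with host bits set ("10.20.30.77/22").
    """
    net = ipaddress.ip_network(subnet.strip(), strict=False)
    # broadcast_address is the highest address in the block (IPv4 and IPv6).
    return str(net.network_address), str(net.broadcast_address)

def in_range(addr, first, last):
    """Inclusive range test; assumed to mirror how a range rule matches."""
    a, lo, hi = (ipaddress.ip_address(x) for x in (addr, first, last))
    if not (a.version == lo.version == hi.version):
        return False  # mixed IPv4/IPv6 never match
    return lo <= a <= hi

def range_matches_subnet(subnet):
    """Check the range agrees with the subnet at and just past both edges."""
    net = ipaddress.ip_network(subnet.strip(), strict=False)
    first, last = subnet_to_range(subnet)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    probes = [lo, hi]
    if int(lo) > 0:
        probes.append(lo - 1)  # address just below the block
    if int(hi) < 2 ** net.max_prefixlen - 1:
        probes.append(hi + 1)  # address just above the block
    return all((p in net) == in_range(str(p), first, last) for p in probes)

if __name__ == "__main__":
    # Constructed sample subnets, not values from the article.
    for s in ["192.0.2.0/24", "10.20.30.77/22", "192.0.2.0/255.255.255.128"]:
        first, last = subnet_to_range(s)
        assert range_matches_subnet(s)
        print(f"{s:28} -> {first} - {last}")
```

Checking the addresses just outside each edge confirms the replacement range rule scores the same clients the subnet rule was meant to, no more and no fewer.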