Cannot use IP subnets with Risk Based authentication without getting errors

  • 7016376
  • 01-Apr-2015
  • 01-Apr-2015

Environment

NetIQ Access Manager 4.1

Situation

When you configure an IP Address Rule using the IP Subnet condition, rule execution fails even though the IP subnet is valid. The IP subnet address check fails when it should succeed, so the expected risk score is not added. The catalina log at the time of the error shows the following exception:

<amLogEntry> 2015-04-01T09:19:17Z DEBUG NIDS Application:
Method: RiskBasedAuthenticationClass.doAuthenticate
Thread: http-nio-147.2.92.90-8443-exec-3
************** Enable History = null </amLogEntry>

<amLogEntry> 2015-04-01T09:19:17Z INFO NIDS Application: AM#500199030: AMDEVICEID#5E95A6B3500FB5F1 - (getDefaultRole) - Role: 'authenticated' is returned for id: 12345678 </amLogEntry>

<amLogEntry> 2015-04-01T09:19:17Z SEVERE NIDS Application: Exception message: "Invalid argument 144.22.0.0/16"

Resolution

This is a known issue. The workaround is to use the IP address range option instead of the IP subnet option for the IP address check. For example, IP subnet 144.22.0.0/16 becomes IP range 144.22.0.1 - 144.22.255.254.
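
The following helper is an added example, not part of the original article or of Access Manager. It derives the replacement IP range for any IPv4 subnet using the same convention as the 144.22.0.0/16 case above (network and broadcast addresses excluded), and lets you confirm that sample client addresses fall inside the range before changing the rule. The function names are hypothetical, and the inclusive comparison in in_range is an assumption about how range bounds are treated.

```python
import ipaddress


def subnet_to_range(cidr):
    """Return (first, last) for the IP range that replaces an IPv4 subnet.

    Follows the article's convention: the network and broadcast addresses
    are left out, so 144.22.0.0/16 gives 144.22.0.1 - 144.22.255.254.
    """
    # strict=False accepts input with host bits set, e.g. 144.22.3.7/16
    net = ipaddress.IPv4Network(cidr, strict=False)
    if net.prefixlen >= 31:
        # A /31 or /32 has no separate network/broadcast address to drop
        first, last = net[0], net[-1]
    else:
        first, last = net[1], net[-2]
    return str(first), str(last)


def in_range(addr, first, last):
    """True if addr lies between first and last (bounds assumed inclusive)."""
    a = ipaddress.IPv4Address(addr)
    return ipaddress.IPv4Address(first) <= a <= ipaddress.IPv4Address(last)


def check_clients(cidr, clients):
    """Map each sample client address to whether the derived range covers it."""
    first, last = subnet_to_range(cidr)
    return {c: in_range(c, first, last) for c in clients}


if __name__ == "__main__":
    # Constructed sample input: the article's subnet plus edge-case prefixes
    for cidr in ("144.22.0.0/16", "192.0.2.8/30", "192.0.2.4/31", "10.1.2.3/32"):
        first, last = subnet_to_range(cidr)
        print(f"IP subnet {cidr:<16} -> IP range {first} - {last}")

    # Constructed client addresses to sanity-check against the new range
    for client, ok in check_clients(
        "144.22.0.0/16", ["144.22.200.17", "144.22.255.255", "144.23.0.1"]
    ).items():
        print(f"{client:<16} {'inside' if ok else 'outside'} range")
```

Because the range omits the network and broadcast addresses, a client presenting exactly 144.22.0.0 or 144.22.255.255 matches the subnet but not the range.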