Error "Authentication Failed (200104403-xxxxxxxxxxxxxxxx)" message with risk based contracts

  • 7016824
  • 07-Sep-2015
  • 07-Sep-2015

Environment

NetIQ Access Manager 4.1
Risk Based Authentication enabled

Situation

Access Manager was set up and working well. The administrator wanted to test risk-based authentication and created a risk-based setup. After one of the Access Gateway protected resources was protected with this risk-based contract, users accessing that contract saw the following error in the browser:

Error:Authentication failed (200104403-C136F71C6489AD8E)

where C136F71C6489AD8E is the sessionID for that user and will change with every new user.

Looking at the catalina log files, one could see the following exception:

the same output ...
 
<amLogEntry> 2015-09-07T12:52:18Z DEBUG NIDS Application:
Method: RiskBasedAuthenticationClass.A
Thread: ajp-bio-127.0.0.1-9019-exec-16
User found and validating token for - ncashell </amLogEntry>
 
<amLogEntry> 2015-09-07T12:52:18Z SEVERE NIDS Application: AM#200104403: AMDEVICEID#C136F71C6489AD8E: AMAUTHID#21532E59FA415CB1CB8D92E1FDFABE39:  Error during authentication process: Unexpected error in processing </amLogEntry>
 
<amLogEntry> 2015-09-07T12:52:18Z INFO NIDS Application: AM#500105039: AMDEVICEID#C136F71C6489AD8E: AMAUTHID#21532E59FA415CB1CB8D92E1FDFABE39:  Error on session id 21532E59FA415CB1CB8D92E1FDFABE39, error 200104403-C136F71C6489AD8E, Authentication failed:Error during authentication process: AM#500105039: AMDEVICEID#C136F71C6489AD8E: AMAUTHID#21532E59FA415CB1CB8D92E1FDFABE39: :java.lang.NullPointerException </amLogEntry>
 
<amLogEntry> 2015-09-07T12:52:18Z VERBOSE NIDS Application: Authentication method risk_method failed while executing the class com.novell.nam.nidp.risk.RiskBasedAuthenticationClass@5367ae9b </amLogEntry>

Resolution

Make sure that the contract associated with the protected resource includes a user-identifying method (e.g., the name/password form method) along with the risk-based method. The risk-based method must have the 'identify user' flag disabled.
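To find the sessions that hit this condition in a catalina log, the entries shown above can be correlated by AMAUTHID. The following Python sketch is an added example, not NetIQ code: the function name, the output fields, and the rule that a NullPointerException plus a failing risk class points at the contract's method list are assumptions made for illustration.

```python
import re

# One <amLogEntry> record; DOTALL because long records can wrap across lines.
ENTRY_RE = re.compile(r"<amLogEntry>\s*(\S+)\s+([A-Z]+)\s+NIDS Application:(.*?)</amLogEntry>", re.DOTALL)
IDS_RE = re.compile(r"AMDEVICEID#([0-9A-F]+):\s*AMAUTHID\s*#([0-9A-F]+)")
RISK_CLASS = "com.novell.nam.nidp.risk.RiskBasedAuthenticationClass"

def find_risk_contract_failures(log_text):
    """Correlate 200104403 errors with the NPE and the failing risk class."""
    findings, last_auth = {}, None
    for ts, _level, raw in ENTRY_RE.findall(log_text):
        body = " ".join(raw.split())  # undo line wraps inside a record
        ids = IDS_RE.search(body)
        if ids and "200104403" in body:
            device, last_auth = ids.groups()
            rec = findings.setdefault(last_auth, {
                "first_seen": ts, "device_id": device, "auth_id": last_auth,
                "npe": False, "risk_class": False})
            if "java.lang.NullPointerException" in body:
                rec["npe"] = True
        elif last_auth and RISK_CLASS in body and "failed while executing" in body:
            # This record carries no session IDs. Assumption: it belongs to the
            # most recent 200104403 error; on a busy server, confirm by thread.
            findings[last_auth]["risk_class"] = True
    for rec in findings.values():
        # Heuristic (assumption): both signals together match this article's
        # symptom, so review the contract's methods for that resource.
        rec["check_contract_methods"] = rec["npe"] and rec["risk_class"]
    return list(findings.values())

# Sample input: the log entries quoted in this article, embedded for offline use.
SAMPLE = """\
<amLogEntry> 2015-09-07T12:52:18Z DEBUG NIDS Application:
Method: RiskBasedAuthenticationClass.A
Thread: ajp-bio-127.0.0.1-9019-exec-16
User found and validating token for - ncashell </amLogEntry>
<amLogEntry> 2015-09-07T12:52:18Z SEVERE NIDS Application: AM#200104403: AMDEVICEID#C136F71C6489AD8E: AMAUTHID#21532E59FA415CB1CB8D92E1FDFABE39:  Error during authentication process: Unexpected error in processing </amLogEntry>
<amLogEntry> 2015-09-07T12:52:18Z INFO NIDS Application: AM#500105039: AMDEVICEID#C136F71C6489AD8E: AMAUTHID#21532E59FA415CB1CB8D92E1FDFABE39:  Error on session id 21532E59FA415CB1CB8D92E1FDFABE39, error 200104403-C136F71C6489AD8E, Authentication failed:Error during authentication process: AM#500105039: AMDEVICEID#C136F71C6489AD8E: AMAUTHID
#21532E59FA415CB1CB8D92E1FDFABE39: :java.lang.NullPointerException </amLogEntry>
<amLogEntry> 2015-09-07T12:52:18Z VERBOSE NIDS Application: Authentication method risk_method failed while executing the class com.novell.nam.nidp.risk.RiskBasedAuthenticationClass@5367ae9b </amLogEntry>
"""

if __name__ == "__main__":
    for finding in find_risk_contract_failures(SAMPLE):
        print(finding)
```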