Hello Venkat and Others,
The FBTAUT004E means a few things:
A) A request was made to the '/authsvc' or '/apiauthsvc' endpoint and contained a StateID that was invalid
- EG : StateId=blah
B) A request was made to the '/authsvc' or '/apiauthsvc' endpoint with a valid StateID but it went to a different JVM and you're not sharing sessions between the JVMs
C) A request was made to the '/authsvc' or '/apiauthsvc' endpoint, it has a valid StateID and it went to the same JVM but the JSESSIONID cookie is missing
D) A request was made to the '/authsvc' or '/apiauthsvc' endpoint, it has a valid StateID and it went to the same JVM with a JSESSIONID cookie but it's invalid
- EG: It came from a different app that has the same cookie name
Resolution to the above
1) Use the cookieless solution as described here:
https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/config/task/tsk_config_aac_cookieless.html
2) Change the AAC Cookie name with the following advanced tuning parameter:
Key : runtime_profile.liberty_option.httpSession.cookieName
Value : AACJSESSIONID (or anything unique you want to use)
3) Share JSESSIONID via the DSC with the following advanced configuration parameter:
https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/config/reference/ref_aac_advcfgprop.html#aac_advcfgprop__d179e1910
distributedSessionCache.enabled = true
Any and all of these combined make for a more robust implementation of AAC in a clustered environment.
------------------------------
JACK YARBOROUGH
------------------------------
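A small model of causes A to D from the reply above, as an added example that is not part of the original post and is not ISAM code. It assumes a StateId is only honoured inside the HTTP session that issued it, uses a shared dict as a stand-in for the DSC, and all class and function names are hypothetical.

```python
import uuid


class Jvm:
    """Toy AAC runtime node (illustrative model, not ISAM code): a StateId is
    only valid inside the HTTP session that created it."""

    def __init__(self, cookie_name, sessions):
        self.cookie_name = cookie_name
        self.sessions = sessions  # one dict shared by several nodes stands in for the DSC

    def start(self):
        """First request: create a session and bind a fresh StateId to it."""
        sid, state = uuid.uuid4().hex, str(uuid.uuid4())
        self.sessions[sid] = {state}
        return {self.cookie_name: sid}, state

    def resume(self, cookies, state_id):
        """True if the flow continues, False where FBTAUT004E would be returned."""
        session = self.sessions.get(cookies.get(self.cookie_name))
        return session is not None and state_id in session


def run_cases(cookie_name, shared):
    """Replay causes A-D against two nodes; returns {case: flow continued?}."""
    store = {}
    jvm1 = Jvm(cookie_name, store)
    jvm2 = Jvm(cookie_name, store if shared else {})
    other_app = {"JSESSIONID": "set-by-another-app"}  # constructed sample cookie
    cookies, state = jvm1.start()
    return {
        "ok": jvm1.resume(cookies, state),   # same node, same session
        "A": jvm1.resume(cookies, "blah"),   # invalid StateId
        "B": jvm2.resume(cookies, state),    # request routed to the other JVM
        "C": jvm1.resume({}, state),         # session cookie missing
        # D: another app's cookie of the same name replaces ours in the browser
        "D": jvm1.resume({**cookies, **other_app}, state),
    }


if __name__ == "__main__":
    print("default :", run_cases("JSESSIONID", shared=False))
    print("hardened:", run_cases("AACJSESSIONID", shared=True))
```

With a unique cookie name and a shared session store, cases B and D stop failing. Case C still fails in this model because the cookieless configuration from resolution 1 is not modelled.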
Original Message:
Sent: Thu February 11, 2021 03:09 PM
From: Venkat V
Subject: FBTAUT004E Authentication service receives invalid state ID
Hi Tony, I am facing the same issue, any fix provided by IBM on this issue?
------------------------------
Venkat
Original Message:
Sent: Tue February 02, 2021 03:15 AM
From: Tony Larsson
Subject: FBTAUT004E Authentication service receives invalid state ID
Hello Sylvain,
Sadly no. The PMR is still ongoing and L3 is currently investigating.
Our workaround seems to work for now at least, as we have not heard of any problems from end-users.
Regards,
Tony
------------------------------
Tony Larsson
Original Message:
Sent: Mon February 01, 2021 04:25 PM
From: Sylvain Gilbert
Subject: FBTAUT004E Authentication service receives invalid state ID
Hi Tony – Is there anything valuable (remediation, configuration, custom code, etc.) that came out of the PMR opened with IBM on this subject to handle authsvc invalid state ID messages more gracefully? Besides what has been shared so far on this discussion thread.
------------------------------
Sylvain Gilbert
Original Message:
Sent: Tue October 27, 2020 05:22 AM
From: Tony Larsson
Subject: FBTAUT004E Authentication service receives invalid state ID
Hi,
We are facing the exact same issue and currently have a PMR up for this.
We are using a workaround in our QA environment that works. But it can give a potential issue with stale cookies according to IBM.
- In WRP Configuration:
#managed-cookies-list = *ac.uuid,*JSESSIONID*
managed-cookies-list = *ac.uuid
David: Could you elaborate how this solved the issue? Any help is appreciated.
Regards,
Tony
------------------------------
Tony Larsson
Original Message:
Sent: Mon October 26, 2020 11:26 AM
From: David Vicenteño
Subject: FBTAUT004E Authentication service receives invalid state ID
Hi Ivan, I faced the same issue some months ago, what helped me was modifying my login html page to automatically refresh itself every minute.
I hope it helps you too.
Regards.
------------------------------
David Vicenteño
Original Message:
Sent: Mon October 26, 2020 08:31 AM
From: Ivan Goncharov
Subject: FBTAUT004E Authentication service receives invalid state ID
Hello
We have ISAM Webseal 9.0.7.0 (EAI) + AAC (INFOMAP)
We implemented FormBased authentication using INFOMAP Mechanism and sometimes the user gets an error during authentication
"FBTAUT004E Authentication service receives invalid state ID [db3688c0-5d89-4414-b4a1-8af0cf330f4f]. Ensure that you do not use back button on the browser or perform multiple authentication processes in the same browser. Please re-access the protected resource"
Is there an easy way to fix this error?
------------------------------
Ivan Goncharov
------------------------------