IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
At later versions of the ISVA firmware the default authentication policies are disabled by default.
Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.
This should resolve your issue.
Thank you Jack, I tried this but it didn't work for me. I'll try it with a fresh configuration as well.
We actually just helped another administrator with this via a support case.
In the latest versions of ISVA the AAC component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.
You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula
This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.
If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.
For production environments it's recommended to use the value of 'path'.
sps.authService.policyKickoffMethod was already set to query... anyway I set it to both...but the error still persists.
Also, accessing https://www.iamlab.ibm.com/mga/sps/authsvc/policy/password_eula gives a similar error:
FBTAUT003E Authentication service receives invalid policy ID [urn:ibm:security:authentication:asf:password_eula]. Ensure that the policy with the specified ID exist. Please re-access the protected resource.
Hi team, any update on this? I think this is a critical test of verifying if AAC module is working correctly or not and I am not able to complete it. please help.
Open a support case if you want formal support. The community discussion forum is volunteer-based, with no SLA, and particularly with US thanksgiving on this week volunteers will be thin on the ground. FWIW this seems very much like a configuration problem or page template update issue (if the machine is an upgrade vs fresh install) rather than a product issue.
Following same cookbok as Narayan and experiencing exactly same FBTAUT003E error.
Suggested fixes make no difference,
Would be nice if someone could update the cookbook.
Only difference is with https://www.iamlab.ibm.com/mga/sps/authsvc/policy/password_eula I am getting:
For now try setting advanced configuration parameters sps.auto service.policyKickoffMethod to "both".
I have it "both".