IBM Security Verify

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.

Hello Narayan,

We actually just helped another administrator with this via a support case.

In the latest versions of ISVA the AAC  component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.

You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula

This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.

If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.

For production environments it's recommended to use the value of 'path'.

This should resolve your issue.

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.

Hello Narayan,

We actually just helped another administrator with this via a support case.

In the latest versions of ISVA the AAC  component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.

You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula

This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.

If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.

For production environments it's recommended to use the value of 'path'.

This should resolve your issue.

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.

Hi team, any update on this? I think this is a critical test of verifying if AAC module is working correctly or not and I am not able to complete it.  please help.

Hello Narayan,

We actually just helped another administrator with this via a support case.

In the latest versions of ISVA the AAC  component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.

You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula

This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.

If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.

For production environments it's recommended to use the value of 'path'.

This should resolve your issue.

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.

Open a support case if you want formal support. The community discussion forum is volunteer-based, with no SLA, and particularly with US thanksgiving on this week volunteers will be thin on the ground. FWIW this seems very much like a configuration problem or page template update issue (if the machine is an upgrade vs fresh install) rather than a product issue.

Hi team, any update on this? I think this is a critical test of verifying if AAC module is working correctly or not and I am not able to complete it.  please help.

Hello Narayan,

We actually just helped another administrator with this via a support case.

In the latest versions of ISVA the AAC  component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.

You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula

This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.

If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.

For production environments it's recommended to use the value of 'path'.

This should resolve your issue.

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.

Hi Everyone,

Following same cookbok as Narayan and experiencing exactly  same FBTAUT003E error.

Suggested fixes make no difference,

Would be nice if someone could update the cookbook.

Only difference is with  https://www.iamlab.ibm.com/mga/sps/authsvc/policy/password_eula I am getting:

Open a support case if you want formal support. The community discussion forum is volunteer-based, with no SLA, and particularly with US thanksgiving on this week volunteers will be thin on the ground. FWIW this seems very much like a configuration problem or page template update issue (if the machine is an upgrade vs fresh install) rather than a product issue.

Hi team, any update on this? I think this is a critical test of verifying if AAC module is working correctly or not and I am not able to complete it.  please help.

Hello Narayan,

We actually just helped another administrator with this via a support case.

In the latest versions of ISVA the AAC  component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.

You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula

This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.

If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.

For production environments it's recommended to use the value of 'path'.

This should resolve your issue.

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.

For now try setting advanced configuration parameters sps.auto service.policyKickoffMethod to "both". 

Hi Everyone,

Following same cookbok as Narayan and experiencing exactly  same FBTAUT003E error.

Suggested fixes make no difference,

Would be nice if someone could update the cookbook.

Only difference is with  https://www.iamlab.ibm.com/mga/sps/authsvc/policy/password_eula I am getting:

Open a support case if you want formal support. The community discussion forum is volunteer-based, with no SLA, and particularly with US thanksgiving on this week volunteers will be thin on the ground. FWIW this seems very much like a configuration problem or page template update issue (if the machine is an upgrade vs fresh install) rather than a product issue.

Hi team, any update on this? I think this is a critical test of verifying if AAC module is working correctly or not and I am not able to complete it.  please help.

Hello Narayan,

We actually just helped another administrator with this via a support case.

In the latest versions of ISVA the AAC  component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.

You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula

This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.

If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.

For production environments it's recommended to use the value of 'path'.

This should resolve your issue.

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.

Hello Narayan,

We actually just helped another administrator with this via a support case.

In the latest versions of ISVA the AAC  component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.

You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula

This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.

If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.

For production environments it's recommended to use the value of 'path'.

This should resolve your issue.

Hello Narayan,

At later versions of the ISVA firmware the default authentication policies are disabled by default.

Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.

This should resolve your issue.