I have it "both".
Original Message:
Sent: Thu December 07, 2023 01:32 PM
From: Shane Weeden
Subject: Unable to Login using AAC Advanced Authentication Mechanism
For now try setting advanced configuration parameters sps.auto service.policyKickoffMethod to "both".
------------------------------
Shane Weeden
IBM
Original Message:
Sent: Thu December 07, 2023 10:31 AM
From: paul molenda
Subject: Unable to Login using AAC Advanced Authentication Mechanism
Hi Everyone,
Following same cookbok as Narayan and experiencing exactly same FBTAUT003E error.
Suggested fixes make no difference,
Would be nice if someone could update the cookbook.
Only difference is with https://www.iamlab.ibm.com/mga/sps/authsvc/policy/password_eula I am getting:
/sps/authsvc/policy/password_eula
------------------------------
paul molenda
Original Message:
Sent: Wed November 22, 2023 01:46 AM
From: Shane Weeden
Subject: Unable to Login using AAC Advanced Authentication Mechanism
Open a support case if you want formal support. The community discussion forum is volunteer-based, with no SLA, and particularly with US thanksgiving on this week volunteers will be thin on the ground. FWIW this seems very much like a configuration problem or page template update issue (if the machine is an upgrade vs fresh install) rather than a product issue.
------------------------------
Shane Weeden
IBM
Original Message:
Sent: Tue November 21, 2023 11:06 AM
From: Narayan Verma
Subject: Unable to Login using AAC Advanced Authentication Mechanism
Hi team, any update on this? I think this is a critical test of verifying if AAC module is working correctly or not and I am not able to complete it. please help.
------------------------------
Narayan Verma
Original Message:
Sent: Wed November 08, 2023 01:37 PM
From: Narayan Verma
Subject: Unable to Login using AAC Advanced Authentication Mechanism
sps.authService.policyKickoffMethod was already set to query... anyway I set it to both...but the error still persists.
Also, accessing https://www.iamlab.ibm.com/mga/sps/authsvc/policy/password_eula gives a similar error:
User error
FBTAUT003E Authentication service receives invalid policy ID [urn:ibm:security:authentication:asf:password_eula]. Ensure that the policy with the specified ID exist. Please re-access the protected resource.
/sps/authsvc/policy/password_eula
2023-11-08T18:34:44Z
Error details
Stack trace
Original Message:
Sent: 11/7/2023 7:12:00 PM
From: JACK YARBOROUGH
Subject: RE: Unable to Login using AAC Advanced Authentication Mechanism
Hello Narayan,
We actually just helped another administrator with this via a support case.
In the latest versions of ISVA the AAC component has the Advanced Configuration property 'sps.authService.policyKickoffMethod' set to 'path' by default to enhance security posture.
You should be able to call the policy using a URL like: https://<rp>/mga/sps/authsvc/policy/password_eula
This allows for ACLs to be attached to the specific policies and is the strategic way forward to call AAC policies directly at the authentication service.
If you want to follow the cookbook exactly then you can change the value of 'sps.authService.policyKickoffMethod' to 'query' or preferably 'both'.
For production environments it's recommended to use the value of 'path'.
This should resolve your issue.
------------------------------
JACK YARBOROUGH
Original Message:
Sent: Tue November 07, 2023 01:11 PM
From: Narayan Verma
Subject: Unable to Login using AAC Advanced Authentication Mechanism
Thank you Jack, I tried this but it didn't work for me. I'll try it with a fresh configuration as well.
Original Message:
Sent: 11/7/2023 12:07:00 PM
From: JACK YARBOROUGH
Subject: RE: Unable to Login using AAC Advanced Authentication Mechanism
Hello Narayan,
At later versions of the ISVA firmware the default authentication policies are disabled by default.
Please navigate to 'AAC -> Policy -> Authentication' and filter for 'End', select the End User License Agreement authentication policy and after that use the 'Enable' button to enable that policy.
This should resolve your issue.
------------------------------
JACK YARBOROUGH
Original Message:
Sent: Tue November 07, 2023 10:26 AM
From: Narayan Verma
Subject: Unable to Login using AAC Advanced Authentication Mechanism
User error
FBTAUT003E Authentication service receives invalid policy ID [urn:ibm:security:authentication:asf:password_eula]. Ensure that the policy with the specified ID exist. Please re-access the protected resource.
/sps/authsvc
2023-11-07T15:18:06Z
Error details
Stack trace
Could you please confirm what I might have missed in configuration or misconfigured?
Thanks!
------------------------------
Narayan Verma
------------------------------