Adaptive Auth settings not saving

Follow
    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version Affected: 9.2

    Description:

    After upgrading to 9.2, adaptive auth settings do not save. 

     

    Cause:

    The Admin Api and AnalyzeAPI realms are running with a different AnalyzeAPIAppID and AppKey to the rest of the realms.


    Resolution:

    Before proceeding, first check that the following folders and files exist:

    D:\SecureAuth\AnalyzeApi\web.config

    D:\SecureAuth\Api\web.config

    If they do not then please stop and contact Support as the Updater will need to be run on the affected IdP to add these folders.

     

    Check a few realms to see if it is one realm with the problem or all realms. 

    If it is one realm, you'll need to match the AnalyzeApiAppId, AnalyzeApiAppKey and servercertsn from a working realm to the broken realm.

    If all realms fail, update the Admin Api and Analyze Api realms with the correct AppID and AppKey and servercertcn

    Note: Before proceeding see the section below on how to list the current AnalyzeApi settings for all realms.

    1. Open the Admin Console

    2. Click Tools | Decrypt Web Config

    3. Select "Admin Api" "Analyze Api" and the realm you're trying to update and click Decrypt

    4. Navigate to D:\SecureAuth\AnalyzeApi and take a backup of the Web.config


    5. Navigate to D:\SecureAuth\Api and take a backup of the Web.config

    6. Open D:\SecureAuth\SecureAuthX\web.config and make a note of the AnalyzeApiAppId, AnalyzeApiAppKey and servercertsn

    7. Edit D:\SecureAuth\AnalyzeApi\Web.config

    8. Match the AnalyzeApiAppId (from SecureAuthX in step 6) to Api.AppId ,

    AnalyzeApiAppKey (from SecureAuthX in step 6) to Api.AppKey

    ServerCertSN and ServerCertSN

    9. Edit D:\SecureAuth\Api\Web.config

    10. Match the AnalyzeApiAppId (from SecureAuthX in step 6) to AnalyzeApiAppId,

    AnalyzeApiAppKey (from SecureAuthX in step 6) to AnalyzeApiAppId

    ServerCertSN and ServerCertSN

     

    Special Considerations (optional as needed):  

    If following the above steps still does not work, verify that the machineKey key in SecureAuth0\web.config is an exact match with API\web.config

    Comparing web.configs:

    If elements are missing in one of the web.configs, you may encounter the following error in AdminApiLogs:

    And still see that Adaptive Authentication Threat Services are missing, nor can you save Adaptive Authentication settings.  If so, please go back and make sure the Forms name and machineKey elements match between the 2 web.configs.

     

    Verify that the API webconfig has this appsetting along with the ServerCertSN
    <add key="WCFClientCertSN" value="servercertsn" />

     

    Procedure for listing current AnalyzeApi settings for all realms:

    1. First Decrypt all realms.

    2. Run the following Powershell command to list the current settings for AnalyzeApiAppId, AnalyzeApiAppKey and ServerCertSN for all realms (including Api realm):

    gci D:\SecureAuth\SecureAuth*\web.config,D:\SecureAuth\Api\web.config | %{$name = $_.fullname; get-content $_ | ?{$_ -match "AnalyzeApiApp|ServerCertSN|validationKey|decryptionKey"} | %{"$name $_"}}

    3. Run the following Powershell command to list the current settings for Api.AppId and Api.AppKey for the AnalyzeApi realm:

    gci D:\SecureAuth\AnalyzeApi\web.config | %{$name = $_.fullname; get-content $_ | ?{$_ -match "Api.App|ServerCertSN|validationKey|decryptionKey"} | %{"$name $_"}}

     

     


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    1 comment
    • Simon, its mentioned that "If all realms fail, update the Admin Api and Analyze Api realms with the correct AppID and AppKey and servercertcn"

      Where do I get the correct AppID and AppKey and servercertcn from?

      Thanks,
      Aish

      1
      Comment actions Permalink

    Please sign in to leave a comment.