Problem logging in WC with PassPhrase

Document ID : KB000114883
Last Modified Date : 14/09/2018
Show Technical Document Details
Question:
We are having an issue trying to log onto CA Vantage on xxxx. For some reason we can log onto all lpars within the plex, except for this one.
We have changed our security environment to use two factor authentication. When we enter the credentials we receive message that the password
is not authorized. In the started task, we see message VAN0853E.
Answer:
[L2 resolution info]
[Note: Job, User, Appl and Group names listed are examples only.]
I can use PIN TOKEN method and passphrase (PIN+Token) methods in one case.
On the other hand, when I have some parameters or profiles wrongly defined, only passphrase accepted (PIN+Token).
The problem that occurred is related to APPL name profile that Vantage is running under.

I can see that your Vantage running under USER profile SAM#PRD and some GROUP.
IEF695I START SAMSPRD WITH JOBNAME SAMSPRD IS ASSIGNED TO USER SAM#PRD, GROUP G0051768

Please add this to Vkgparms of SYSG and restart Vantage.
SECURPTK (Y)
SECURAPP (SAM#PRD)

Please add this to Vkgparms of your second Vantage SYS6 and restart. The XXXXXXXX is name of profile under SYS6 Vantage.
SECURPTK (Y)
SECURAPP (XXXXXXXX)

SECURAPP is related to APPL resource NAME profile in SAF. If there is some conflict in settings,
the only passphrase accepted is PIN+TOKEN. This behavior is in accordance with MFA principles.