What documentation should I get when my RSA credentials are failing when signing on with CA Advanced Authentication Mainframe?

Document ID : KB000015598
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Documentation required to debug an RSA  signon failure with CA Advanced Authentication.

Question:

What documentation should I get when my RSA credentials are failing when signing on with CA Advanced Authentication Mainframe?

Answer:

1) Turn on CA Advanced Authentication tracing within USS directory (RSA Prop file):

Configure tracing in RSA Properties File:
RSA_LOG_TO_FILE=YES
RSA_LOG_FILE=/MFASTC/directory/rsa_api.log
RSA_ENABLE_DEBUG=YES
RSA_DEBUG_ENTRY=YES
RSA_DEBUG_EXIT=YES
RSA_DEBUG_FLOW=YES
RSA_DEBUG_TO_FILE=YES
RSA_DEBUG_FILE=/MFASTC/directory/rsa_api_debug.log
Configure tracing by updating logback.xml in /MFASTC/directory.
<root level=“TRACE">

2) From RSA Security Console, turn on tracing:

under TAB: reporting-> real-time Activity Monitors -> Authentication Activity Monitor

3) Recycle the CA Advanced Authentication started task and recreate the problem.

4) Send me the rsa_api_debug.log which is located in “/vendor/tssaam/RSA”.
Note: It’s an ASCII format. FTP file with that same format.