Hello,
we have the following situation/use case/problem:
Situation: SecureLogin with AAF integration for the use of MFA via "Reauthentication" to secure applications (fingerprint)
Use case: User wants to log in to an application -> SecureLogin triggers reauthentication via AAF -> the user must log in with a fingerprint via AAF
Problem: When calling up the AAF via "Reauthentication", the message "No chains found" is displayed. However, the corresponding method/chain is enrolled in the AAF enrollment portal and can also be used to log in to the portal.
Any special notes:
The customer probably has quite strong security settings active on the Windows client. Be it GPOs or additional safeguards.
In general, the fingerprint recognition is not always clean, even in the AAF itself it does not always work, but basically it works. Only when the call is made via SecureLogin/Reauthentication does it not seem to be able to recognize the chains properly.
The chain itself in the AAF also only consists of the fingerprint and nothing else. Likewise, if I adjust the AAF event stored in the SecureLogin (add/remove chain), the SecureLogin recognizes that other chains are now available for selection.
The SecureLogin endpoint in the AAF is also updated cleanly if you do something in this direction (attribute: LastSession)
The log files are not very helpful, on AAF site I don't find any entries and in the SSODebug Log I can only find:
T(03/08/24 09:24:10) AASDKLite T1984:AbortDASCardWait:DAS Card Wait Abort result - -2.
T(03/08/24 09:24:10) AASDKLite T1984:slSDKReauthenticate: Prompting end user to Enter their Credentials
T(03/08/24 09:24:10) AASDKLite T1984:slSDKReauthenticate: username - 2fa.testuser, chain - Dummy_Fingerprint.
Does anyone have any ideas about which logs I could take a closer look at to find a possible error, or any general experience with this use case?
Or, do certain settings have to be active for the fingerprint to be usable with SecureLogin?
Thanks
Best Regards
Tobias