VIP does not send a PUSH or validate with OTP when ADFS JavaScript is enabled.
search cancel

VIP does not send a PUSH or validate with OTP when ADFS JavaScript is enabled.

book

Article ID: 164459

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

For security reasons, we require additional information to verify your account.

Authentication failed due to invalid security code or server error. If there are many unsuccessful login attempts, your account will be locked.

To troubleshoot, enable debug viewing in the browser (i.e., press F12), then try again to capture the data. In the console logs, you may see an Invalid ID Mapping error. 

Cause

VIP authenticates users when ADFS-specific JavaScript is disabled. When JavaScript is enabled, authentication fails both for PUSH notification and security code.

Note: Please refer to the most current configuration guide for AD FS. The assumption with this scenario is that this error occurs when using the latest version of the VIP AD FS plugin (9.9.0 or later). 

Resolution

The JavaScript is being hindered by the VIP Cloud component Enterprise login ID mapping.  To resolve:

  1. Check that the JavaScript code matches the version of ADFS being used (see the user's guide). 
  2. Log into VIP Manager, navigate to Policies, then the Components tab.
  3. Click edit on the top right, then select no on Enable enterprise Login ID mapping (see image below). Click Save.  
  4. Click the Account sub-tab, then click edit in the top-right. 
  5. Locate the VIP Integration Code for JavaScript section, then enter the domain name(s) the request is being sent from. (For example, https://adfs.example.com).
  6. Click Save, then click the VIP Integration Code for JavaScript link to obtain your VIP integration code.  

To test the changes, close all existing browser windows, then open a private or incognito browser to test the ADFS login.