This topic contains 2 replies, has 2 voices, and was last updated by  AJAY SURI 6 months, 2 weeks ago.

  • Author
  • #24603

    Hi All,

    I have a authentication chain used for login that uses JDBC –> Device ID –> RBA –> HOTP –> Device Save

    It works fine for every user created in the database with a corresponding profile in the embedded user store.

    I have a policy configured to step-up the authentication when the user tries to access certain resources (on Apache web server protected through a web agent). The policy requires users to authenticate through SMS OTP.

    For one user (demo), the step-up works fine as the OTP entered is accepted and user goes back to protected resource.

    For all my other users, SMS OTP is sent successfully during step-up process but when the user enters the OTP, AM doesnt redirect the user back to protected resource. I dont see any authentication error as well. The logs seem to suggest AM succesfully validated the OTP.


    Any idea why certain users wouldnt successfully be redirected back?

    AM version is 6.5
    Webagent is also the latest one available for 6.5 and Apache 2.4

    • This topic was modified 6 months, 3 weeks ago by  AJAY SURI.
    • This topic was modified 6 months, 3 weeks ago by  AJAY SURI.

    Is there any different Realm being used for your other users?

    Demo likely is in the global realm. Starting in Agents 5, the Agent always tries to send you to global realm. You need to use as an example:


    To redirect to a specific realm.


    Hi William

    Yes, all users in same realm.

    Initial login works fine for all users.

    Its only when step-up is enforced through HOTP for some sensitive resources that demo gets redirected successfully but others dont.


    Ajay Suri

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?