Symantec Access Management


 MFPMISMATCH issue after Risk Authentication version upgrade to 9.1.5.1

MARUBUN SUPPORT posted Apr 22, 2025 06:04 AM

Hello,

After upgrading Risk Authentication from 9.0.0 to 9.1.5.1 step by step ((1) 9.0 -> 9.1SP2, (2) 9.1SP2 -> 9.1 SP5, (3) 9.1SP5 -> 9.1.5.1), "Increase Auth" occurs for several users because the user device information cannot be obtained and MFPMISMATCH occurs.

How can we resolve this issue?
Please let me know if more information is needed.


Risk Authentication 9.1.5.1 (Windows Server 2016)
riskminder-client.js in Risk Authentication 9.1.5.1


Sample of Analyze Transactions Report in no MFPMISMATCH
-------------------------------------------------------------------------------------------------------
  Device Type:Mac
  OS:Intel Mac OS X
  BROWSER:Chrome

VERSION:"2.2",
MFP:{
 "Browser":{
  "UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) PKeyAuth/1.0",
  "Vendor":"Apple Computer, Inc.",
  "VendorSubID":"",
  "BuildID":"20030107",
  "CookieEnabled":true
  },
...
 "System":{
  "Platform":"MacIntel",
...


Sample (1) of Analyze Transactions Report in MFPMISMATCH
-------------------------------------------------------------------------------------------------------
  Device Type:Others
  OS:(null)
  BROWSER:Chrome

VERSION:"2.2",
MFP:{
 "Browser":{
  "UserAgent":"macOS 15.4.1; arm_64, Google Chrome/135.0.7049.96, Mobile : false",
  "Vendor":"Google Inc.",
  "VendorSubID":"",
  "BuildID":"20030107",
  "CookieEnabled":true
  },
...
 "System":{
  "Platform":"MacIntel",
...


Sample (2) of Analyze Transactions Report in MFPMISMATCH
-------------------------------------------------------------------------------------------------------
  Device Type:Others
  OS:(null)
  BROWSER:Chrome

VERSION:"2.2",
MFP:{
 "Browser":{
  "UserAgent":"macOS 13.3.0; arm_64, Google Chrome/135.0.7049.96, Mobile : false",
  "Vendor":"Google Inc.",
  "VendorSubID":"",
  "BuildID":"20030107",
  "CookieEnabled":true
  },
...
 "System":{
  "Platform":"MacIntel",
...

Regards,

MARUBUN

Broadcom Employee Namish Tiwari
Advanced Authentication now parses the User Hints to obtain more accurate user device information, when these hints are available. Advanced Authentication uses this information to:
    Better analyze user risk
    Display the most accurate information to enterprise customers in Advanced Authentication
This update is applicable to JavaScript implementations only, and is supported on Google Chrome 98 and higher and Microsoft Edge 106 and higher browsers over HTTPS.
This was introduced in the 9.1SP4 version. Please review this KB article, which provides details of this change:
    https://knowledge.broadcom.com/external/article?articleNumber=264722
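
For sorting report entries into the two UserAgent shapes seen in the first post, the sketch below classifies the MFP Browser.UserAgent value and flags entries that match the reported pattern. It is an added example, not part of the original posts and not Broadcom code; the hint-style grammar is inferred only from the two MFPMISMATCH samples, and the entry layout and the names `classifyUserAgent` and `triage` are assumptions.

```javascript
// Added example. Field values are copied from the report samples in this
// thread; the object layout (deviceType, os, platform, userAgent) is assumed.
const SAMPLES = [
  { deviceType: "Mac", os: "Intel Mac OS X", platform: "MacIntel",
    userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) PKeyAuth/1.0" },
  { deviceType: "Others", os: null, platform: "MacIntel",
    userAgent: "macOS 15.4.1; arm_64, Google Chrome/135.0.7049.96, Mobile : false" },
  { deviceType: "Others", os: null, platform: "MacIntel",
    userAgent: "macOS 13.3.0; arm_64, Google Chrome/135.0.7049.96, Mobile : false" },
];

// Legacy shape: "Mozilla/5.0 (<platform tokens>) ..."
const LEGACY_UA = /^Mozilla\/\d+\.\d+ \(([^)]*)\)/;
// Hint-style shape, inferred only from the two MFPMISMATCH samples:
// "<platform> <version>; <arch>_<bitness>, <brand>/<version>, Mobile : <bool>"
const HINT_UA = /^(.+?) (\d+(?:\.\d+)*); ([A-Za-z0-9]+)_(\d+), (.+?)\/([\d.]+), Mobile : (true|false)$/;

function classifyUserAgent(ua) {
  let m = HINT_UA.exec(ua);
  if (m) {
    return { shape: "hint-style", platform: m[1], platformVersion: m[2],
             arch: m[3], bitness: Number(m[4]), browser: m[5],
             browserVersion: m[6], mobile: m[7] === "true" };
  }
  m = LEGACY_UA.exec(ua);
  if (m) return { shape: "legacy", platformTokens: m[1].split("; ") };
  return { shape: "unknown" };
}

// Flag entries matching the pattern reported in the thread: a hint-style
// UserAgent together with an unclassified device (Device Type "Others",
// OS "(null)", represented here as null).
function triage(entries) {
  return entries.map((e) => {
    const ua = classifyUserAgent(e.userAgent);
    const unclassified = e.deviceType === "Others" && e.os === null;
    return {
      shape: ua.shape,
      arch: ua.arch || null,
      unclassifiedDevice: unclassified,
      matchesReportedPattern: ua.shape === "hint-style" && unclassified,
      // All three samples report Platform "MacIntel", so this field alone
      // does not separate the matching entries from the non-matching one.
      platformField: e.platform,
    };
  });
}

console.log(triage(SAMPLES));
```
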
      MARUBUN SUPPORT

      Hello Tiwari-san

      Thank you for your support.

      The KB article describes
      ... Users on the Chrome or Edge browser may be prompted for second-factor authentication the first time they log in after this change, even if they have chosen Remembered Device. As a result of this the users will be given INCREASEAUTH advice from the Risk Authentication product after upgrade to 9.1SP4. ...

      I understand the case of INCREASEAUTH advice caused by the first login after this change.

      In my case, INCREASEAUTH advice was given because a user is determined to be risky in every risk evaluation, since device information collection by Riskminder-client.js fails.
      That user never caused this issue before the upgrade.

      Do you have any idea to solve this issue?
      Is there any environment or older version of browser which causes this issue, regarding any compatibility of JavaScript, etc.?

      Regards,

      MARUBUN

      MARUBUN SUPPORT

      Hi Tiwari-san,

      Do you have any update?

      The KB article has been reviewed.
      The following is additional information:

      When this issue occurs, the user environment is:
      a) ARM architecture CPU based Mac: M1, M2, etc.
      b) INCREASEAUTH occurs every time with the Chrome and Edge browsers.
      c) INCREASEAUTH occurs only on the first login with Safari.
      d) Device Type in Report is 'Other'.

      Also, please let me confirm the upgrade procedure.
      Risk Authentication was upgraded from 9.0.0 to 9.1.5.1 step by step ((1) 9.0 -> 9.1SP2, (2) 9.1SP2 -> 9.1 SP5, (3) 9.1SP5 -> 9.1.5.1), following the manuals below:

      https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/upgrading/upgrade-from-release-9-x/upgrade-to-9-1-sp2.html
      https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/upgrading/upgrade-from-release-9-x/upgrade-to-9-1-sp5.html
      https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/upgrading/upgrade-from-release-9-x/upgrade-to-9-1-5-1.html

      Is there any point to be careful about?
      Please let me know if there is any implicit setting, etc.

      Thanks,
      Koji

      Broadcom Employee Namish Tiwari

      Sorry about the delay. This needs more investigation and arcotriskfort.log in DEBUG mode for the analysis. Will you please open a case and provide the details so we can review and get back to you?

      Thanks

      Namish

      MARUBUN SUPPORT

      Hi Namish-san,

      I have created a case: Ticket ID 36316251.

      Regards,

      Koji