Skip to main content

No event or report

When there is no event or report entry for an known authentication attempt in the Native Web application, this indicates either:

Adaptive access report with no event data

Adaptive access policy

In an Adaptive access policy the Post authentication rules invoke an assessment.
Ensure you have

  1. Attached an Access policy with Adaptive access enabled to the application in either the IBM® Security Verify administration console or IBM® Security Verify Developer portal application.
    Enable Adaptive access policy for the application

  2. Enabled the Adaptive access checkbox in the policy
    Enable Adaptive access checkbox in the policy

Insufficient data

When Using the Proxy SDK to Authenticate a User the function adaptive.assessPolicy(context) requires a context similar to

var context = {
    sessionId : req.body.sessionId, // The session ID generated posted from the browser
    userAgent : req.headers['user-agent'], // The user-agent collected from headers
    ipAddress : req.ip // The IP address of the connection.
};

Ensure you have

  1. invoked the getSessionId() from the Browser SDK.
    Refer to Ensuring Collection Completes for details on how to invoke getSessionId() correctly.
  2. handled the "error":"adaptive_more_info_required" indicating there was insufficient or incorrect data provided in the context.
    Refer to Performing Recollection to handle the error from the Proxy SDK with the provided snippet.

Collection did not commence

When the Browser SDK is initialized on the login page, as described in Ensuring Collection Completes, if the collection does not start, no Session ID will be provided and the call to getSessionId() will not return the correct value.
Verify with the browser Developer Tools that the collection and detection has started.
These requests should be visible in Network tab and include a request to the frontend host (<snippet host>) and Snippet ID (<snippet ID>) configured in the Browser SDK that were generated during application onboarding in the IBM® Security Verify administration console or IBM® Security Verify Developer portal application.
For example https://d1anfu45urknyg.cloudfront.net/511843/aloads.js?dt=login&r=0.3289762412868322.
You should see additional JavaScript loaders requested, which may include

  • bits.js
  • main.js
  • tags.js

plus multiple other requests to the same frontend host with different URI paths as the collection continues.

Native Web application login. collection, detection and Session ID generation

If you do not see these requests, ensure you have

  1. hosted your Native Web application from the same domain name specified for Allowed domain when onboarding the application in either the IBM® Security Verify administration console or IBM® Security Verify Developer portal application
  2. correctly loaded the Browser SDK to start the Adaptive access collection and detection as described in Ensuring Collection Completes
  3. exposed the static resource as described in Hosting a Well-Known Static Resource

Collection did not complete

When the Browser SDK is initialized with startAdaptiveV1('<snippet host>', '<snippet ID>'); collection will commence.
Only once the promise for getSessionId() is returned with the Session ID should the login form be submitted.
If you submit the login form before a Session ID is available an "error":"adaptive_more_info_required" will be returned from the Proxy SDK (assessPolicy(context), refresh(context, refreshToken)).
Ensure you have

  1. updated your login page to ensure a Session ID is available from getSessionId() before the login form submission.
    Refer to options described in Ensuring Collection Completes.

Error response handling

When there is Insufficient data to complete an assessment an error status is returned. Unless additional assessment calls (assessPolicy(context), refresh(context, refreshToken)) are made, no event will be generated.
Only after a number of re-assessment calls have been made which were also unsuccessful will a Risk Service Unavailable event be generated. The Medium Risk level of the Adaptive access policy will be returned.
Other errors such as connection errors will also prevent the Proxy SDK from invoking the IBM Security Verify APIs and will return an error result.
Those errors should also be handled within the Native Web application.

Ensure you have

  1. handled the "error":"adaptive_more_info_required" indicating there was insufficient or incorrect data provided in the context.
    Refer to Performing Recollection to handle the error from the Proxy SDK with the provided snippet.
  2. checked the configuration parameters of your IBM Security Verify Adaptive Browser SDK.
    The startAdaptiveV1('<snippet host>', '<snippet ID>'); should contain the snippet host and snippet ID generated during application onboarding.
    Refer to onboarding the application in either the IBM® Security Verify administration console or IBM® Security Verify Developer portal application.
  3. checked the configuration parameters of your IBM Security Verify Proxy SDK.
    The tenantUrl, clientId and clientSecret passed to new Adaptive(<config>);.
    Refer to Adding the Proxy SDK to an Application Server.

Next: Risk Service Unavailable

Previous: Successful evaluation