Article Content
Article Number | 000037199 |
Applies To | RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.x |
Issue | Trusted realm authentication fails with following error: Unable to resolve trusted user because multiple matching trusted users exist |
Cause | Authentication Manager trusted realm configuration allows duplicate user creation/addition to the trusted user list if the case in the user ID is different; for example, user.name vs User.Name, or as shown in the example below with bharath versus Bharath. If there is a user ID of user.name in Authentication Manager when a trusted realm is setup, and then you try to add a trusted realm user manually called user.name it will fail with the following message: Remote principal already exists
The /opt/rsa/am/server/imsTrace.log captures the following exceptions: 2019-02-13 14:13:51,141, [AgentProtocolServer Core Thread #1], (AbstractAuthRequestHandler.java:192), trace.com.rsa.authmgr.internal.protocol.ace.AbstractAuthRequestHandler, DEBUG, am82p.vcloud.local,,,,Principal resolution failure. Processing aborted. com.rsa.authmgr.internal.admin.principalres.PrincipalResolutionException: Unable to Resolve Principal:Unable to resolve remote principal because multiple matching remote principals exist |
Resolution | This issue will be resolved in RSA Authentication Manager 8.4 patch 2, which is being released shortly. |
Workaround | As a workaround, delete the trusted realm duplicate users manually.
|