Sec/User Mgmt: Troubleshooting

Document created by RSA Information Design and Development Employee on Jan 30, 2020
Last modified by RSA Information Design and Development Employee on Apr 23, 2020
Version 4

This topic provides information about possible issues that NetWitness Platform users may encounter when configuring the System Security and User Management settings in NetWitness Platform. You can look up explanations of issues and their solutions.

Users are able to create a password of 8 characters or fewer despite the configured minimum password length of 9 characters in Version 11.3

                 
Problem: When NetWitness Platform was upgraded from 11.2 or an earlier version to Version 11.3, the administrator did not set the minimum password length to 9 characters.

Solution: In 11.2 and earlier versions, the minimum password length is 8. The minimum password length changed to 9 in Version 11.3. If you upgrade or update from an earlier version to 11.3, users can still create a password of 8 characters until you explicitly set the minimum password length to 9 characters as described in Configure Password Complexity.

Unable to edit user attributes when two usernames are the same but differ only in case

                 
Problem: In Active Directory, when two user profiles have the same username and differ only in case, you cannot edit the user attributes for that user profile. For example, user1 has username "john" and user2 has username "JOHN".

Solutions:

1. Delete the duplicate profile in the ADMIN > Security > Users tab. You can now edit the user attribute.
or
2. Disable case sensitivity for usernames. To do this, go to the ADMIN > Security > Settings tab and, in the Security Settings section, clear the Usernames are case sensitive checkbox.

Unable to log in to NetWitness Platform using SSO

                                 
Problem: The Administrator configured SSO incorrectly and is unable to log in to NetWitness Platform.

Manual Steps to Disable SSO

To resolve this issue, you must disable SSO manually using the following commands:

  1. SSH to admin server node.
  2. Connect to nw-shell.
  3. Connect to admin server service using the connect --service admin-server command.
  4. Log in to admin server using the login command.
  5. Enter the admin username and password.
  6. Execute the following commands:
       • cd /rsa/security/authentication/web/saml/sso-enabled
       • set false
       • logout
       • exit
       • systemctl restart rsa-nw-admin-server

[Figure: A view of the commands to disable SSO.]

Unable to connect to IDP and request session has timed out

  • Check if the admin server is able to reach the specific IDP metadata URL.
  • Check if the IDP can be accessed over the internet. If not, configure the proxy and try again.

SSL handshake failed as the certificate is not verified

  • Enable the trust-all-certs-for-idp-metadata flag in the explorer view of admin-server by navigating to RSA>Security>Authentication>Web>SAML.
  • Import the SSL certificate of the IDP metadata server into the JVM trust store by running the following command on the Admin node:
    keytool -import -trustcacerts -file /root/selfsignedadfs.cer -alias selfsignedcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64/jre/lib/security/cacerts

SSL handshake failed as the hostname is not verified

  • Check that the IDP metadata server's SSL certificate has a valid DN and matches the server hostname.
  • Enable the trust-all-certs-for-idp-metadata flag in the explorer view of admin-server by navigating to RSA>Security>Authentication>Web>SAML.
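
To tell the three IDP connection failures above apart before changing any setting, the following added example (not RSA code and not part of the original topic) opens a verified TLS connection to the IDP metadata host and reports which heading the failure falls under. It assumes Python 3.7 or later is available on the host where it is run; the names classify and probe and the optional PEM file argument are hypothetical.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

HOSTNAME_MISMATCH = 62  # OpenSSL X509_V_ERR_HOSTNAME_MISMATCH


def classify(exc):
    """Map a connection error to the matching heading in this topic."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        if getattr(exc, "verify_code", None) == HOSTNAME_MISMATCH:
            return "hostname is not verified"
        return "certificate is not verified"
    if isinstance(exc, ssl.SSLError):
        return "other TLS failure"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "request timed out"
    if isinstance(exc, OSError):  # DNS failure, connection refused, no route
        return "IDP unreachable"
    return "unclassified"


def probe(metadata_url, cafile=None, timeout=10.0):
    """Open a verified TLS connection to the IDP metadata host.

    cafile (assumption): optional PEM file with the IDP certificate or its
    CA. When given, only that file is trusted; otherwise the OS trust store
    is used, which is not the JVM cacerts store the admin server reads.
    """
    parts = urlsplit(metadata_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// metadata URL")
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
    try:
        with socket.create_connection((parts.hostname, parts.port or 443),
                                      timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
                return "ok", tls.version()
    except OSError as exc:
        return classify(exc), str(exc)


if __name__ == "__main__":
    # Usage: probe.py <https IDP metadata URL> [PEM file]
    print(probe(*sys.argv[1:3]))
```

If the result is "certificate is not verified" without the PEM file and "ok" with it, importing that certificate into the trust store addresses the failure and certificate checking for IDP metadata stays enabled.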

Fail over IP address changed

Perform the following manual steps to configure the new IP address.

1. Disable SSO using nw-shell after failover from new IP. For more information, see Manual Steps to Disable SSO.

2. Generate the new metadata and re-upload it in ADFS. For more information, see the Configure SAML 2.0 provider settings for portals topic in the Microsoft documentation.
