000030957 - Remove the attribute ID and attribute name appended to the user RADIUS attribute in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 9, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030957
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

When an attribute is configured in Security Console under Identity > Users > Authentication Settings > RADIUS > RADIUS User Attributes, you may notice the attribute sent by RSA Authentication Manager to RADIUS client has both an attribute ID and an attribute name appended to the value.

For example:

  • If you select 11 - Filter-ID" from Attribute and set "policy_GRP_1 as the value, the attribute contained in RADIUS response message is:


  • If you select 18 - Reply-Message from Attribute and set GRP as the value, the attribute contained in RADIUS response message is:


On the other hand, if you set a RADIUS profile in RADIUS > RADIUS Profiles, then link it with a user or agent, the attribute sent by RSA Authentication Manager to RADIUS client contains just the value.  For example, if you select Filter-ID[M] for Attribute and set policy_GRP_I as the value, the attribute contained in RADIUS response message is:


The issue is that the attribute format of attribute_id+attribute_name+attribute_value may not be accepted by RADIUS clients.

TasksYou can change the configuration in the Security Console to determine how the RADIUS attribute(s) are returned. The configuration specifies whether just the attribute value is returned, or the Attribute Name + ID +  Value.

For RSA Authentication Manager 7.1, see steps provided in the Notes section, below.

For Authentication Manager 8.x:

  1. Login to the Security Console.
  2. Navigate to Setup > System Settings > RADIUS.
  3. Check the option to 
  4. You can then set the RADIUS Attribute Format. Select one of three options. Use the above example for reference, where 11 - Filter-ID is Attribute and policy_GRP_1 is set as value.
    1. Send attribute ID, attribute name, and attribute value


  1. Send attribute name and attribute value


  1. Send attribute value only


  1. Click Save when done.