|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1 and 8.1
|Issue||When attribute is configured in Security Console > Identity > Users > Authentication Settings > RADIUS > RADIUS User Attributes, you may notice the attribute sent by RSA AM server to radius client has both attribute id and attribute name appended to the value.|
If you select "11 - Filter-ID" from Attribute and set "policy_GRP_1" as value, the attribute contained in radius response message is "Filter-ID=ATTR11_Filter-ID=policy_GRP_1".
If you select "18 - Reply-Message" from Attribute and set "GRP" as value, the attribute contained in radius response message is "Reply-Message=ATTR1_Reply-Message=GRP".
But if you set a radius profile in Security Console > RADIUS > RADIUS Profiles, then link it with a user or agent. The attribute sent by RSA AM server to radius client just contains the value.
If you select "Filter-ID[M]" for Attribute and set "policy_GRP_I" as value, the attribute contained in radius response message is "Filter-ID=policy_GRP_1".
The issue is that the attribute format of attribute_id+attribute_name+attribute_value may not be accepted by radius clients.
|Resolution||There are settings which determin how the RADIUS attribute is returned and merging of the attributes from users/agents. It specifies whether just the attribute value is returned, or the attribute name, id and value.|
For AM 7.1, click on "Configuration" way over on the top right-hand corner of the Security Console. Then go to the "Authentication Manager" tab. the RADIUS policy settings are at the bottom. Check "Send user´s RADIUS attributes to the RADIUS server upon successful authentication", you will be able to set the RADIUS Attribute Format.
Use the above example for reference, where "11 - Filter-ID" is Attribute and "policy_GRP_1" is set as value.
With "Send attribute ID, attribute name, and attribute value", the return attribute is "Filter-ID=ATTR11_Filter-ID=policy_GRP_1".
With "Send attribute name and attribute value", the return attribute is "Filter-ID=Filter-ID=policy_GRP_1".
With "Send attribute value only", the return attribute is "Filter-ID=policy_GRP_1".
For AM 8.1, the settings can be found from Security Console > Setup > System Settings > RADIUS.