Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000030957 - How to remove the attribute ID and attribute name appended to the user RADIUS attribute in RSA Authentication Manager

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000030957
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 7.1 and 8.1 Platform: Windows
Issue	When attribute is configured in Security Console > Identity > Users > Authentication Settings > RADIUS > RADIUS User Attributes, you may notice the attribute sent by RSA AM server to radius client has both attribute id and attribute name appended to the value. For example: If you select "11 - Filter-ID" from Attribute and set "policy_GRP_1" as value, the attribute contained in radius response message is "Filter-ID=ATTR11_Filter-ID=policy_GRP_1". If you select "18 - Reply-Message" from Attribute and set "GRP" as value, the attribute contained in radius response message is "Reply-Message=ATTR1_Reply-Message=GRP". But if you set a radius profile in Security Console > RADIUS > RADIUS Profiles, then link it with a user or agent. The attribute sent by RSA AM server to radius client just contains the value. For example: If you select "Filter-ID[M]" for Attribute and set "policy_GRP_I" as value, the attribute contained in radius response message is "Filter-ID=policy_GRP_1". The issue is that the attribute format of attribute_id+attribute_name+attribute_value may not be accepted by radius clients.
Resolution	There are settings which determin how the RADIUS attribute is returned and merging of the attributes from users/agents. It specifies whether just the attribute value is returned, or the attribute name, id and value. For AM 7.1, click on "Configuration" way over on the top right-hand corner of the Security Console. Then go to the "Authentication Manager" tab. the RADIUS policy settings are at the bottom. Check "Send user´s RADIUS attributes to the RADIUS server upon successful authentication", you will be able to set the RADIUS Attribute Format. Use the above example for reference, where "11 - Filter-ID" is Attribute and "policy_GRP_1" is set as value. With "Send attribute ID, attribute name, and attribute value", the return attribute is "Filter-ID=ATTR11_Filter-ID=policy_GRP_1". With "Send attribute name and attribute value", the return attribute is "Filter-ID=Filter-ID=policy_GRP_1". With "Send attribute value only", the return attribute is "Filter-ID=policy_GRP_1". For AM 8.1, the settings can be found from Security Console > Setup > System Settings > RADIUS.

Attachments

Outcomes

0 Comments

Recommended Content