000030957 - How to remove the attribute ID and attribute name appended to the user RADIUS attribute in RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030957
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1 and 8.1 
Platform: Windows
IssueWhen attribute is configured in Security Console > Identity > Users > Authentication Settings > RADIUS > RADIUS User Attributes, you may notice the attribute sent by RSA AM server to radius client has both attribute id and attribute name appended to the value.
For example:
If you select "11 - Filter-ID" from Attribute and set "policy_GRP_1" as value, the attribute contained in radius response message is "Filter-ID=ATTR11_Filter-ID=policy_GRP_1". 
If you select "18 - Reply-Message" from Attribute and set "GRP" as value, the attribute contained in radius response message is "Reply-Message=ATTR1_Reply-Message=GRP". 
But if you set a radius profile in Security Console > RADIUS > RADIUS Profiles, then link it with a user or agent. The attribute sent by RSA AM server to radius client just contains the value.
For example:
If you select "Filter-ID[M]" for Attribute and set "policy_GRP_I" as value, the attribute contained in radius response message is "Filter-ID=policy_GRP_1". 

The issue is that the attribute format of attribute_id+attribute_name+attribute_value may not be accepted by radius clients.
ResolutionThere are settings which determin how the RADIUS attribute is returned and merging of the attributes from users/agents. It specifies whether just the attribute value is returned, or the attribute name, id and value.
For AM 7.1, click on "Configuration" way over on the top right-hand corner of the Security Console. Then go to the "Authentication Manager" tab. the RADIUS policy settings are at the bottom. Check "", you will be able to set the RADIUS Attribute Format. 
Use the above example for reference, where "11 - Filter-ID" is Attribute and "policy_GRP_1" is set as value.
With "
Send attribute ID, attribute name, and attribute value", the return attribute is "Filter-ID=ATTR11_Filter-ID=policy_GRP_1".
With "
Send attribute name and attribute value", the return attribute is "Filter-ID=Filter-ID=policy_GRP_1".
With "
Send attribute value only", the return attribute is "Filter-ID=policy_GRP_1".
For AM 8.1, the settings can be found from Security Console > Setup > System Settings > RADIUS.

 

Attachments

    Outcomes