000030700 - RADIUS server is sending return attribute from RSA Authentication Manager with a trailing value of  \000

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 29, 2018
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000030700
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager

IssueThe RADIUS server is sending a Vendor Specific Attribute (VSA) with a trailing value of  \000 or \0x00, as seen below:
User-added image

A sample line from a Vendor Dictionary File is as follows:

ATTRIBUTE Fortinet-Access-Profile FORTINET-VSA(6,           string) r

A packet capture from Wireshark or tcpdump show the return as follows:

VSA: l=12 t=Fortinet-Access-Profile(6): read_only\000
ResolutionModify the dictionary file to change the string value from string to stringnz.  By utilizing stringnz in this case the attribute being returned is set to not include the null values padding the attribute.

ATTRIBUTE Fortinet-Access-Profile FORTINET-VSA(6,           stringnz) r