000029980 - What type of users are listed in Active User Session list?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029980
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: VMware
Platform (Other): Patch 1
O/S Version: ESXi 5.0
Product Name: Authentication Manager
Product Description: AM 8.1 SP1 Patch 1
IssueLog into the security console then click on Access --> Active User Sessions, it's showing non admins here, users that are non admins who logged into the self service console and users who are non admin that logged in via Radius clients. This is not expected behavior according to our documentation.

In the Security Console, you can close user sessions for users currently logged on to the Security Console or to protected resources.

The help menu mentions protected resources. It is not clear what protected resources? All users are authenticating from protected resources.Users authenticating from RSA Authentication Agents do not appear, but users authenticating from radius clients appear in active user sessions.

The online help menu:

In the Security Console, you can close user sessions for users currently logged on to the Security Console or to protected resources.

Each time an administrator logs on to the Security Console, Operations Console, or Self-Service Console, the following sessions are created:

Logon Session

EAP32 Session Lifetime

Console and Command API Session

Up to ten administrators can be logged on at the same time.
You can create different sets of session attributes for the primary instance and the replica instance.
Logon Session

Logon Session
Logon Session settings control the lifetime for sessions that are abandoned or have not completed the authentication process. These sessions affect the following types of logon sessions:

Security Console (administrators)

Operations Console (administrators)

Self-Service Console (non-administrative)

Users who are authenticating through risk-based authentication (non-administrative)
The defaults for these settings are three minutes idle time-out and eight minutes of total lifetime.

ResolutionA doc defect AM-28807 is open to make changes to online help. 
Below are the scenarios in which users will appear in the active user sessions list: 
1. Admins logged in to Security Console 
2. Super admin authenticating in the operations console for operations that require super admin privilege 
3. Admin logged in to "RSA Token Management" through MMC in the active directory 
4. Users logged in to Self Service Console 
5. Users logged in via Radius Client 
6. Users logged in through self-service console using web tier 
7. RBA users logged in through ssl-vpn agent. (User will be displayed as <Abandoned/in-progress>) 
8. Admin connecting through SDK 
Authenticating SourceTracked in "Active User Sessions"?
Users logged in to Self Service ConsoleYes
Users logged in via Radius ClientYes
Users logged in via RSA Authentication AgentsNo
Users logged in to Operations ConsoleNo
Users logged in to Security ConsoleYes