000031057 - HelpDesk Admin Portal logon fails in RSA Authentication Manager Prime

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000031057
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager Prime
RSA Version/Condition:  All versions
IssueHelpDesk Admin Portal (HDAP) log file reports:
 
2015-08-26T11:21:05,303+1000,70953139 [http-bio-8282-exec-6] ERROR com.rsa.pso.lap.web.UtilityBean  -  getPermissions() => hdapadmin is not assigned to any administrative roles that support allow access to hdap. Contact your administrator to grant access to hdap 
2015-08-26T11:21:05,303+1000,70953139 [http-bio-8282-exec-6] ERROR com.rsa.pso.lap.web.UtilityBean  - Exception occured sending status code 403/com.rsa.pso.exception.UnAuthorizeException: You are not authorized to view this page
2015-08-26T11:21:05,303+1000,70953139 [http-bio-8282-exec-6] ERROR com.rsa.pso.lap.web.UtilityBean  - Exception occured sending status code 403/java.lang.Exception

HelpDesk Admin Portal (HDAP) logon fails with a message 'You are not authorized for the operation.'
Example:
User-added image
CauseHelpDesk Admin Portal (HDAP) use authentication manager administrative roles defined in the Security Console to map claims for HDAP administrative users. The role names defined in the <HDAP_home>/config/lapProto.xml file do not must match the administrative roles defined in the Security Console.
ResolutionWith an administrative account for the Security Console add the administrative role that matches the name of the role name used by the Helpdesk Admin Portal.
Example:
User-added image
An administrative role is a collection of permissions that can be assigned to an administrator. A role determines what level of control the administrator has over users, user groups, and so on. You can add administrative roles to your deployment, and assign these roles to users. If you assign multiple administrative roles to a user, the permissions are combined.
Before You Begin
To create an administrative role, you must have an administrative role that:

  • Grants permission to create administrative roles.
  • Includes the permissions he or she wants to add to the new administrative role.
  • Allows the administrator to delegate the permissions granted to his or her role. This is determined by the Permission Delegation setting for the role assigned to the administrator who is creating the role.
Procedure
  1. In the Security Console, click Administration > Administrative Roles > Add New.
  2. In the Administrative Role Name field, enter a name for the new administrative role.
  3. (Optional) If you want to allow administrators to delegate their role permissions to other administrators, select Permission Delegation.
  4. In the Security Domain Scope tree, select the security domains in which the new administrative role grants permissions.
  5. In the Identity Source Scope field, select the identity sources where you want this administrative role to grant permissions.
  6. Click Next.
  7. Assign general permissions to the administrative role.
  8. (Optional) To restrict attributes, in the User Attribute Restriction field, select May only access specific attributes. An Attributes drop-down menu appears. Select Modify, View, or None for each attribute. If you select None, the attribute is hidden.The value in this field must be consistent with the value specified in the Entry Type field on the Add an Identity Attribute Definition page. If the attribute definition is read-only, do not select Modify for the User Attribute Restriction. If the attribute definition is required, do not specify View or None in the User Attribute Restriction. If you do, you cannot add the role.
  9. Click Next.
  10. Assign authentication permissions to the administrative role.
  11. Click Next.
  12. Assign self-service permissions to the administrative role.
  13. Click Next.
  14. Use the Security Domain drop-down menu to select the security domain that is associated with the administrative role.
  15. Review the summary of the administrative role, and click Save.
NotesContacting RSA Customer Support
TelephoneFor urgent issues use on of the telephone numbers listed at URL http://www.emc.com/support/rsa/contact/phone-numbers.htm 
EmailFor non-urgent issues email support@rsa.com
Case
   Management
Case Management is found at URL https://knowledge.rsasecurity.com/scolcms/mysupport.aspx
   (requires access to RSA SecurCare Online)

Attachments

    Outcomes