000016759 - AxM user properties not exported to http header. Error 'Missing value for AUTHENTICATION_TYPE in user map'

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016759
Applies ToRSA Access Manager 6.1.3
RSA Access Manager 6.1.4
Agent is configured to export a specific list of user properties as http headers:
cleartrust.agent.userprops=postalcode
IssueAxM user properties not exported to http header. Error "Missing value for AUTHENTICATION_TYPE in user map"
Error in RSA Access Manager aserver.log (or lserver.log) file
sequence_number=9,2014-01-09 15:09:01:847 PST,messageID=2,user=user1,client_ip_address=192.168.206.135,client_port=1338,result_code=102,result_action=Internal Error,result_reason=Invalid Argument

Error in RSA Access Manager aserver.out file in debug mode
2014/01/09 15:09:01:847 [*] [pool-13-thread-1 (sirrus.authserver.AuthorizationAdaptor.convertResultMap)] - AuthorizationAdaptor.convertResultMap( {RETURN_CODE=INVALID_ARGUMENT, EXCEPTION_MESSAGE=Missing value for AUTHENTICATION_TYPE in user map} ) returning 102
2014/01/09 15:09:01:847 [*] [pool-13-thread-1 (sirrus.authserver.DebugAuthorizationAPI.getUserProperties)] - AuthorizationAPI.getUserProperties( {SC_USER_ID=user1, CT_PROPERTY_NAMES=[postalcode], SC_TOKEN=AAAAAgABAGge7HXGQh8AqA3VotECnYgEkbIKkMN7Q460sCq+IPDFRDvLT4JO/Fnyu634uFo/f0+kNtankutItPw/CIwR4/9nPn/cUH7XJjqamxRf627S3XZmUpc1JgpwJLHEmzuejPOD89KNyzBNfg==}, {CLIENT_IP=192.168.206.135, GUID=1389308941929, CLIENT_PORT=1338, CLIENT_VERSION=10, USER_GROUPS_ENABLED=false, TOKENS_ENABLED=true, USER_PROPERTIES_ENABLED=true} ) returning {RETURN_CODE=INVALID_ARGUMENT, EXCEPTION_MESSAGE=Missing value for AUTHENTICATION_TYPE in user map}

Error message in RSA Access Manger Agent log file.
2013-11-27 10:05:52 -0500 - [11052] - <Info> - Result map: EXCEPTION_MESSAGE\nMissing value for AUTHENTICATION_TYPE in user map\ncached\ntrue\nRETURN_CODE\nINVALID_ARGUMENT
CauseThis issue occurs when the call to getUserProperties is executed using a specific list of user properties.  This call requires a check for the username and the routine looks for either a userID or a token in the map.  An InvalidMapException is thrown if the map contains both a SC_USER_ID and SC_TOKEN, and this leads to the authentication type being removed from the map. 
ResolutionThis issue is resolved in RSA Access Manager 6.2.   
This issue can be avoided if the following setting in the webagent.conf file is set to export all user properties:
cleartrust.agent.userprops=*
If only specific user properties need to be exported you can also set the user properties to be exported only at authorization time and define the user properties by application in the Entitlements Manager and using the following webagent.conf file setting:
cleartrust.agent.userprops_level=AuthZ
Legacy Article IDa63684

Attachments

    Outcomes