Article Content
Article Number | 000029788 |
Applies To | RSA Product Set: SecurID; RSA Product/Service Type: Authentication Manager; RSA Version/Condition: 8.x |
Issue | An RSA administrator is unable to unassign a token from a user or reassign the token to a new user due to the following error:

There was a problem processing your request. Cannot add or manage a user with user ID com.rsa.common.InvalidArgumentException: Duplicate user ID. User IDs must be unique within an identity source. This user ID is already in use by a user in this identity source.

Token details show the token is assigned to <Unknown>. The user to whom the token was previously assigned was a user in the external identity source who no longer exists. A token shows as assigned to the <unknown> user when the user is deleted from the external identity source before her token was unassigned. To avoid this error, admins for the external identity source should always advise RSA admins when users are being deleted from the external identity source, so the RSA admin can unassign the token from the end user before she is deleted.

Actions performed
(&(objectClass=User)(objectcategory=person)(!(samaccountname=userid))) where userid is the user who is no longer in the external identity source.

Running these steps causes a failure to search for users in the Security Console under Identity > Users > Manage Existing when defining the external identity source as the location to be searched. Performing the manual Clean Up Unresolvable Users job in the Security Console under Setup > Identity Sources > Clean Up Unresolvable Users also does not correct the issue. |
Cause | The user in the external identity source has an illegal character such as @ in the loginuid. For example, testuser@RSA. |
Resolution | To properly resolve the issue, log in directly to the PostgreSQL database to manipulate the row.
Note that during Quick Setup another user name may have been selected. Use that user name to log in.
SELECT * FROM rsa_rep.ims_principal_data p WHERE id=(SELECT t.principal_id FROM rsa_rep.am_token t WHERE t.serial_number='<token_serial_number>');
Note that token_serial_number is a value that is keyed in based on the search of tokens done above.
DELETE FROM rsa_rep.ims_principal_data p WHERE id=(SELECT t.principal_id FROM rsa_rep.am_token t WHERE t.serial_number='<token_serial_number>');
Note that token_serial_number is a value that is keyed in based on the search of tokens done above. For example,
This should remove the problematic user from the system and allow the token to be assigned to any user. |
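The same DELETE can be run inside a transaction that aborts unless exactly one principal row is removed. This is an added example, not part of RSA's published procedure; it assumes a psql session on the Authentication Manager database and that serial_number compares as text, and <token_serial_number> remains a placeholder to fill in.

```sql
-- Added example: guarded version of the DELETE above.
-- Uses only the tables and columns named in this article.
BEGIN;

DO $$
DECLARE
    -- Placeholder: replace with the serial number of the affected token.
    v_serial  text := '<token_serial_number>';
    v_deleted integer;
BEGIN
    DELETE FROM rsa_rep.ims_principal_data p
    WHERE p.id = (SELECT t.principal_id
                  FROM rsa_rep.am_token t
                  WHERE t.serial_number = v_serial);

    -- Number of rows removed by the DELETE just executed.
    GET DIAGNOSTICS v_deleted = ROW_COUNT;

    -- Anything other than one row means the serial number was wrong or
    -- the token did not resolve to a single principal. Raising here
    -- aborts the transaction, so nothing is deleted.
    IF v_deleted <> 1 THEN
        RAISE EXCEPTION
            'expected to delete 1 principal row for token %, deleted %',
            v_serial, v_deleted;
    END IF;
END
$$;

-- Sanity check before committing: the orphaned principal row should be
-- gone, so this count should be 0.
SELECT count(*) AS remaining_rows
FROM rsa_rep.ims_principal_data p
WHERE p.id = (SELECT t.principal_id
              FROM rsa_rep.am_token t
              WHERE t.serial_number = '<token_serial_number>');

-- If the DO block raised an error, the transaction is already aborted
-- and COMMIT rolls it back. To undo a successful delete instead,
-- issue ROLLBACK here in place of COMMIT.
COMMIT;
```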