000030064 - RSA Authentication Manager 8.1 and CISCO Nexus

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030064
Applies To
RSA Product SetSecurID
RSA Product/Service TypeRSA Authentication Manager
RSA Version/Condition8.1 SP1
PlatformSUSE Enterprise Linux
Platform (Other) 
O/S Version11 SP3
Product Name 
Product DescriptionSecurID Appliance
IssueIncorrect CISCO AV-pair RADIUS attribute being returned in the RADIUS authentication response packet after migrating RSA Authentication Manager 7.1 data into an RSA Authentication Manager 8.1 deployment.
CauseRSA Authentication Manager 8.1 Service Pack 1 software has an issue where it is unable to handle quotes in the string value of the CISCO AV-pair RADIUS attribute. This issue is currently being looked at by RSA.
ResolutionUse an administrative account to change the RADIUS Profile Return List Attributes for the Cisco-AVPAIR attribute to have a new string value.
  • Security Console > RADIUS > RADIUS Profiles > Manage Existing > left-click the Profile Name and select Edit
For example, where the Cisco-AVPAIR attribute was shell:roles*"network-admin":NoEcho in the RSA Authentication Manager 7.1 deployment then change the Cisco-AVPAIR attribute string value to shell:roles=network-admin in the  RSA Authentication Manager 8.1 deployment.
RSA Authentication Manager 7.1 Return List Attributes:
User-added image
RSA Authentication Manager 8.1 Return List Attributes:
User-added image