|Applies To||RSA Authentication Manager 6.0|
RSA ACE/Server RADIUS
The User Extension Data can be passed from the ACE/Server to a requesting client using RADIUS attributes. User Extension Data for each user is accessible through the Administration Tool --> User --> Edit User --> Edit User Extension Data button. There are 2 fields necessary to add User Extension Data: the 'Key' field and the 'Data' field. In the below example, the key is "memberof" and the data is "Ace":
- The next step is to configure a profile under Administration Tool --> Profile --> Add Profile --> Name: TESTPROFILE
- Chose an attribute such as Filter-Id (the attribute must be a class attribute and have a value type selection of "User Extension key prefix"
- From the 'Available Attributes selection box, select "Class"
- From the Pull Down selection box "Value Type" select "User Extension key prefix"
- Under the "Value:" text box type in "memberof" this points to the User Extension key memberof that we added under Edit User
NOTE: You can have more than one key specified in the User Extension Data for the user, and you can pass multiple keys per profile
- The RADIUS profile is also selected under the Administration Tool --> User --> Edit User --> Assign Profile button
- The final step is to run the command /ace/prog/rwconfig . Under Profiles --> Make sure that Enable User Profiles is enabled. Make sure that User Profile Settings --> Profile Extensions is also enabled.
- Lastly, you must stop and start the ACE/Server RADIUS for these changes to take effect. The RADIUS can be stopped and started independently of the ACE/Server as follows:
On Windows NT:
Navigate to Start Menu --> Settings --> Control Panel --> Services --> ACE/Server Radius, right mouse click and select stop, wait until stopped and select start
On Windows 2000:
Navigate to Start Menu --> Control Panel --> Administrative Tools --> Services
|Issue||Trying to pass user extension data from RSA ACE/Server through RADIUS and the extension key is included with the data|
In this instance, the RADIUS attribute and value passed would look like the following:
attr: name=Filter-Id value=memberof=Ace
The desired output would not include the key, "memberof":
attr: name=Filter-Id value=Ace
|Resolution||This issue is resolved in a hot fix for RSA Authentication Manager 6.0. Contact RSA Security Customer Support to obtain hot fix ID17126. RSA Authentication Manager 6.1 will have functionality such that this is configurable.|
|Legacy Article ID||a26281|