000025813 - local user name attribute value not found in X.509 name

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025813
Applies ToFIM 2.5/2.6
Federated Identity Management Module 2.5
Federated Identity Management Module 2.6
ctUidX509RdnAttribute
Issuecom.rsa.csf.techservice.saml.plugins.SubjectMapperPluginException: local user name attribute value not found in X.509 name: CN=first.last,OU=webusers,DC=test,DC=org
Cause

In FIM's debug log the following exception appears:

2007-03-29 15:17:02,944 - exception:  com.rsa.csf.techservice.saml.plugins.SubjectMapperPluginException: local user name attribute value not found in X.509 name: CN=first.last,OU=webusers,DC=test,DC=org
 at com.rsa.csf.techservice.saml.plugins.CtX509SubjectMapperPluginRP.mapSamlToLocalSubject(Lcom/rsa/csf/techservice/saml/opensaml/SAMLSubject;Ljava/util/Map;)Lcom/rsa/csf/techservice/saml/opensaml/SAMLSubject;(Unknown Source)
 at com.rsa.csf.techservice.saml.common.SamlAssertionProcessor.mapSAMLSubject2LocalSubject(Lcom/rsa/csf/techservice/saml/opensaml/SAMLSubject;Lcom/rsa/csf/domain/objects/RPAssertingParty;)Lcom/rsa/csf/techservice/saml/opensaml/SAMLSubject;(Unknown Source)

A misconfiguration of the "" plugin attribute is the likely cause for this exception.

Resolution

In order to correct this issue:

Identify the affected plugin. As you can see, the exception in raised within the class highlighted in red in the above section.

That class is used (by default) by the plugin "RSA_ClearTrust_X.509_Subject_Plug-in_RP", as you can see from "Class Name" field in FIM's management GUI (Configure System -> Plugins -> Manage Existing, look at the "Class Name" field for all plugins until you have a match).

Verify that in the Plug-In configuration screen the value of the "ctUidX509RdnAttribute" attribute is set correctly. By default this attribute is set to "uid". For the subject line

CN=first.last,OU=webusers,DC=test,DC=org

to be correctly parsed this would need to be changed to "CN".

Legacy Article IDa34117

Attachments

    Outcomes