000013755 - RSA ClearTrust 5.5.3 - SharePoint Access returns a 401 Unauthorized Error

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013755
Applies ToClearTrust Authorization Server 5.5.3
Win 2003 Server, using an IIS 6.0 webserver and any cleartrust or AXM agent for IIS
Microsoft SharePoint
cleartrust.data.ldap.user.attributemap.windowsupn :userPrincipalName
IssueRSA ClearTrust 5.5.3 - SharePoint and the UPN Dynamic Creation Feature
Some users of SharePoint receiving a 401 Unauthorized Error 
CauseThe failing users had no UPN set in the Active Directory datastore. The ClearTrust UPN Dynamic Creation Feature failed when it attempted to dynamically create the UPN from the SAMAccountName and the user DN.
ResolutionContact Customer Support and request RSA ClearTrust Server Hotfix (Build 2654) (26/09/2008) or later.
NotesThis feature is outlined on page 105 of the ClearTrust 5.3.3 Installation and Configuration Guide. "If you use the Attribute Lookup method to obtain UPNs, and if your users are stored in Active Directory, Access Manager provides a Dynamic Creation feature that allows the system to handle users without UPNs. When Access Manager encounters a user without a UPN, it generates the UPN from the user?s SAMAccountName and DN data. This is useful in cases where the UPN does not exist for some or all users. For example, in some environments UPNs are not exported to the Global Catalog".
Legacy Article IDa42324