000024791 - How to configure cross realm authentication when agent hosts are not 'open to all locally known users'

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000024791
Applies To: RSA ACE/Server 5.0.1 (no longer supported as of 8-15-2004)
RSA ACE/Server 5.0.2 (no longer supported as of 8-15-2004)
RSA ACE/Server 5.0.3 (no longer supported as of 8-15-2004)
RSA ACE/Server 5.1 (no longer supported as of 7-14-2006)
Cross realm
Disable Open To All Locally Known Users (OTALKU) in ACE/Administration Agent Host definition
Issue: How to configure cross realm authentication when agent hosts are not "open to all locally known users"
How to configure cross realm where users home realm controls user activation to client on hub realm
All remote users on a Hub Realm will be disabled on an Agent Host if you uncheck OTALKU in that Agent Host definition
Resolution: Directly activate existing Remote Users, or add them to a group and activate the group. Future Remote (Cross-Realm) Users will need to be created and activated manually on the Hub Realm.

As an alternative solution, define the same Agent Host on the Home Realm for the Remote Users. Have the Administrator for the Home Realm activate the desired users or groups on the Agent Host of the Home Realm.

Then, uncheck OTALKU for the Agent Host definition in the Hub Realm, and make sure "Search other realms for users" is turned on.
Select Users -> Delete Users on the Hub Realm, and choose "Delete All Remote Users".

NOTE: The names used for the Agent Host definition must be exactly the same in both Realms, or you will receive the error message "User Not On Agent Host". The name is forced to whatever is defined in the hosts table of the ACE/Server system. Also, you must change the hosts table before changing the definition in the ACE/Server.
Legacy Article ID: a15144
