000033897 - User alias functionality across trusted realms Error user login "<usernamealias>" could not be discovered in the local realm or by searching configured trusted realms

Document created by RSA Customer Support Employee on Oct 20, 2016. Last modified by RSA Customer Support on Nov 6, 2019.
Version 3

Article Content

Article Number: 000033897
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1
Issue: When utilizing the user alias functionality across trusted realms, users may encounter the following error:
The user login "<usernamealias>" could not be discovered in the local realm or by searching configured trusted realms.

When both "Enable Trusted Realm Authentication" and "Only Trusted Users in Trusted User Groups with access to the agent can authenticate" are set in an authentication agent's configuration, the user must be a member of a trusted user group.
Cause: When authentication agent group restriction is enabled, additional settings are required on both sides of the trusted realm configuration.
  1. From the Security Console select Administration > Trusted Realms > Trusted User Groups.  
  2. Select either Manage Existing and add the user to the group, or select Add New and create the new group, adding the user to it.
  3. Once you've added the group, you must do the same on the other Authentication Manager primary in the trusted realm. Be sure the group name, including its case, is exactly the same on both primaries.
  4. Once the group is created you must add users to the group as follows:
    1. In the Security Console, click Administration > Trusted Realms > Trusted Users > Add New.
    2. In the Trusted User ID field, enter the user's user ID.
    3. From the Trusted Realm Name drop-down menu, select the trusted realm where the user belongs.
    4. From the Security Domains drop-down menu, select the security domain where the policies for this trusted user are managed. Note: Only administrators whose administrative scope includes the security domain you select can manage the user.
    5. In the Default Shell field, enter the shell that users employ to access a Unix machine.
    6. Click Save.
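
Step 3 requires the trusted user group name to match exactly, including case, on both primaries. The following is an added example, not RSA code: it compares two lists of group names and flags names that differ only by case or surrounding whitespace. It assumes the lists were copied by hand from Administration > Trusted Realms > Trusted User Groups on each primary; the function names and sample group names are constructed for illustration.

```python
"""Compare trusted user group names from two realms (added example)."""


def normalise(name):
    # Fold case and trim whitespace so near-identical names share one key.
    return name.strip().casefold()


def compare_group_names(realm_a, realm_b):
    """Return (exact, near_miss, only_a, only_b).

    exact     -- names identical, character for character, on both sides
    near_miss -- (a_name, b_name) pairs that match only after normalising
    only_a/b  -- names with no counterpart at all on the other side
    """
    exact = sorted(set(realm_a) & set(realm_b))
    left_a = [n for n in realm_a if n not in exact]
    left_b = [n for n in realm_b if n not in exact]

    # Index the unmatched names of realm B by their normalised form.
    by_key_b = {}
    for b in left_b:
        by_key_b.setdefault(normalise(b), []).append(b)

    near_miss, only_a, matched_keys = [], [], set()
    for a in left_a:
        key = normalise(a)
        if key in by_key_b:
            near_miss.extend((a, b) for b in by_key_b[key])
            matched_keys.add(key)
        else:
            only_a.append(a)
    only_b = [b for b in left_b if normalise(b) not in matched_keys]
    return exact, near_miss, only_a, only_b


if __name__ == "__main__":
    # Constructed sample names, not taken from any real deployment.
    realm_a = ["VPN-Users", "Helpdesk", "Contractors "]
    realm_b = ["vpn-users", "Helpdesk", "Contractors", "Auditors"]
    exact, near, only_a, only_b = compare_group_names(realm_a, realm_b)
    for a, b in near:
        print(f"MISMATCH: {a!r} vs {b!r} (case or whitespace differs)")
    for name in only_a:
        print(f"MISSING on realm B: {name!r}")
    for name in only_b:
        print(f"MISSING on realm A: {name!r}")
    print(f"Exact matches: {exact}")
```

Any name reported as a mismatch or as missing should be corrected in the Security Console so that it is identical on both primaries.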